CVE-2023-24998 (GCVE-0-2023-24998)

Vulnerability from cvelistv5 – Published: 2023-02-20 15:57 – Updated: 2025-11-03 21:47

Title

Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts

Summary

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Severity

No CVSS data available.

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

apache

References

8 references

URL	Tags
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7…	vendor-advisory
http://www.openwall.com/lists/oss-security/2023/05/22/1
https://security.gentoo.org/glsa/202305-37
https://www.debian.org/security/2023/dsa-5522
https://lists.debian.org/debian-lts-announce/2023…
https://security.netapp.com/advisory/ntap-2023030…
https://lists.debian.org/debian-lts-announce/2025…
https://security.netapp.com/advisory/ntap-2024110…

Impacted products

2 products

Vendor	Product	Version
Apache Software Foundation	Apache Commons FileUpload	Affected: 0 , < 1.5 (semver)
Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 Affected: 10.0.0-M1 , ≤ 10.1.4 (semver) Affected: 9.0.0-M1 , ≤ 9.0.70 (semver) Affected: 8.5.0 , ≤ 8.5.84 (semver)

Credits

Jakob Ackermann

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:47:24.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230302-0013/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5522"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Commons FileUpload",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "11.0.0-M1"
            },
            {
              "lessThanOrEqual": "10.1.4",
              "status": "affected",
              "version": "10.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.70",
              "status": "affected",
              "version": "9.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.84",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jakob Ackermann"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eNote that, like all of the file upload limits, the\n          new configuration option (FileUploadBase#setFileCountMax) is not\n          enabled by default and must be explicitly configured.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n          new configuration option (FileUploadBase#setFileCountMax) is not\n          enabled by default and must be explicitly configured."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-13T15:06:16.472Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
        },
        {
          "url": "https://security.gentoo.org/glsa/202305-37"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5522"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-24998",
    "datePublished": "2023-02-20T15:57:07.372Z",
    "dateReserved": "2023-02-01T10:32:05.492Z",
    "dateUpdated": "2025-11-03T21:47:24.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-24998",
      "date": "2026-06-28",
      "epss": "0.46836",
      "percentile": "0.9868"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0\", \"versionEndExcluding\": \"1.5\", \"matchCriteriaId\": \"7B386378-64A5-417D-9FE8-F25AE7A26459\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"58B413FF-EBC0-4DFA-B507-AA2A3579E349\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\\n\\n\\n\\n\\nNote that, like all of the file upload limits, the\\n          new configuration option (FileUploadBase#setFileCountMax) is not\\n          enabled by default and must be explicitly configured.\\n\\n\\n\"}]",
      "id": "CVE-2023-24998",
      "lastModified": "2024-11-21T07:48:54.163",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-02-20T16:15:10.423",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/05/22/1\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-37\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/05/22/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-37\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230302-0013/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-24998\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-02-20T16:15:10.423\",\"lastModified\":\"2026-06-17T05:40:26.917\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\\n\\n\\n\\n\\nNote that, like all of the file upload limits, the\\n          new configuration option (FileUploadBase#setFileCountMax) is not\\n          enabled by default and must be explicitly configured.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Commons FileUpload\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Tomcat\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"11.0.0-M1\",\"status\":\"affected\"},{\"version\":\"10.0.0-M1\",\"lessThanOrEqual\":\"10.1.4\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"9.0.0-M1\",\"lessThanOrEqual\":\"9.0.70\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.5.0\",\"lessThanOrEqual\":\"8.5.84\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"1.5\",\"matchCriteriaId\":\"7B386378-64A5-417D-9FE8-F25AE7A26459\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"58B413FF-EBC0-4DFA-B507-AA2A3579E349\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/05/22/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-37\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/05/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202305-37\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230302-0013/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241108-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

SUSE-SU-2026:1058-1

Vulnerability from csaf_suse - Published: 2026-03-26 09:46 - Updated: 2026-03-26 09:46

Summary

Security update for tomcat

Severity

Important

Notes

Title of the patch: Security update for tomcat

Description of the patch: This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to 'MadeYouReset' DoS attack (bsc#1243895). - CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash (bsc#1246389). - CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318). - CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). - CVE-2023-44487: Rapid reset attack (bsc#1216182).

Patchnames: SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058

CVE-2020-13934

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2020-13935

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2020-13943

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2020-17527

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2021-24122

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2021-25122

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2021-25329

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2021-30640

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2021-33037

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2021-41079

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2021-43980

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2022-23181

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2022-42252

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2023-24998

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2023-28708

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2023-28709

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2023-41080

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2023-42795

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2023-45468

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2023-46589

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2024-21733

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2024-23672

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2024-24549

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2024-34750

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2024-38286

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2024-50379

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2024-52316

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact critical

CVE-2024-54677

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2025-24813

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2025-31651

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2025-46701

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2025-48988

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2025-48989

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2025-49125

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2025-52434

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2025-52520

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2025-53506

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2025-55752

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2025-55754

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2025-61795

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24733

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

162 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1216182	self
https://bugzilla.suse.com/1243895	self
https://bugzilla.suse.com/1246318	self
https://bugzilla.suse.com/1246389	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1258385	self
https://bugzilla.suse.com/1259224	self
https://www.suse.com/security/cve/CVE-2020-13934/	self
https://www.suse.com/security/cve/CVE-2020-13935/	self
https://www.suse.com/security/cve/CVE-2020-13943/	self
https://www.suse.com/security/cve/CVE-2020-17527/	self
https://www.suse.com/security/cve/CVE-2021-24122/	self
https://www.suse.com/security/cve/CVE-2021-25122/	self
https://www.suse.com/security/cve/CVE-2021-25329/	self
https://www.suse.com/security/cve/CVE-2021-30640/	self
https://www.suse.com/security/cve/CVE-2021-33037/	self
https://www.suse.com/security/cve/CVE-2021-41079/	self
https://www.suse.com/security/cve/CVE-2021-43980/	self
https://www.suse.com/security/cve/CVE-2022-23181/	self
https://www.suse.com/security/cve/CVE-2022-42252/	self
https://www.suse.com/security/cve/CVE-2023-24998/	self
https://www.suse.com/security/cve/CVE-2023-28708/	self
https://www.suse.com/security/cve/CVE-2023-28709/	self
https://www.suse.com/security/cve/CVE-2023-41080/	self
https://www.suse.com/security/cve/CVE-2023-42795/	self
https://www.suse.com/security/cve/CVE-2023-44487/	self
https://www.suse.com/security/cve/CVE-2023-45468/	self
https://www.suse.com/security/cve/CVE-2023-46589/	self
https://www.suse.com/security/cve/CVE-2024-21733/	self
https://www.suse.com/security/cve/CVE-2024-23672/	self
https://www.suse.com/security/cve/CVE-2024-24549/	self
https://www.suse.com/security/cve/CVE-2024-34750/	self
https://www.suse.com/security/cve/CVE-2024-38286/	self
https://www.suse.com/security/cve/CVE-2024-50379/	self
https://www.suse.com/security/cve/CVE-2024-52316/	self
https://www.suse.com/security/cve/CVE-2024-54677/	self
https://www.suse.com/security/cve/CVE-2025-24813/	self
https://www.suse.com/security/cve/CVE-2025-31651/	self
https://www.suse.com/security/cve/CVE-2025-46701/	self
https://www.suse.com/security/cve/CVE-2025-48988/	self
https://www.suse.com/security/cve/CVE-2025-48989/	self
https://www.suse.com/security/cve/CVE-2025-49125/	self
https://www.suse.com/security/cve/CVE-2025-52434/	self
https://www.suse.com/security/cve/CVE-2025-52520/	self
https://www.suse.com/security/cve/CVE-2025-53506/	self
https://www.suse.com/security/cve/CVE-2025-55752/	self
https://www.suse.com/security/cve/CVE-2025-55754/	self
https://www.suse.com/security/cve/CVE-2025-61795/	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24733/	self
https://www.suse.com/security/cve/CVE-2020-13934	external
https://bugzilla.suse.com/1174121	external
https://www.suse.com/security/cve/CVE-2020-13935	external
https://bugzilla.suse.com/1174117	external
https://www.suse.com/security/cve/CVE-2020-13943	external
https://bugzilla.suse.com/1177582	external
https://www.suse.com/security/cve/CVE-2020-17527	external
https://bugzilla.suse.com/1179602	external
https://bugzilla.suse.com/1180830	external
https://www.suse.com/security/cve/CVE-2021-24122	external
https://bugzilla.suse.com/1180947	external
https://www.suse.com/security/cve/CVE-2021-25122	external
https://bugzilla.suse.com/1182912	external
https://bugzilla.suse.com/1188549	external
https://www.suse.com/security/cve/CVE-2021-25329	external
https://bugzilla.suse.com/1182909	external
https://bugzilla.suse.com/1200696	external
https://www.suse.com/security/cve/CVE-2021-30640	external
https://bugzilla.suse.com/1188279	external
https://bugzilla.suse.com/1200696	external
https://www.suse.com/security/cve/CVE-2021-33037	external
https://bugzilla.suse.com/1188278	external
https://bugzilla.suse.com/1200696	external
https://www.suse.com/security/cve/CVE-2021-41079	external
https://bugzilla.suse.com/1190558	external
https://www.suse.com/security/cve/CVE-2021-43980	external
https://bugzilla.suse.com/1203868	external
https://www.suse.com/security/cve/CVE-2022-23181	external
https://bugzilla.suse.com/1195255	external
https://bugzilla.suse.com/1196395	external
https://bugzilla.suse.com/1200696	external
https://www.suse.com/security/cve/CVE-2022-42252	external
https://bugzilla.suse.com/1204918	external
https://bugzilla.suse.com/1220503	external
https://www.suse.com/security/cve/CVE-2023-24998	external
https://bugzilla.suse.com/1208513	external
https://bugzilla.suse.com/1210310	external
https://bugzilla.suse.com/1211608	external
https://bugzilla.suse.com/1228313	external
https://www.suse.com/security/cve/CVE-2023-28708	external
https://bugzilla.suse.com/1209622	external
https://www.suse.com/security/cve/CVE-2023-28709	external
https://bugzilla.suse.com/1211608	external
https://bugzilla.suse.com/1228313	external
https://www.suse.com/security/cve/CVE-2023-41080	external
https://bugzilla.suse.com/1214666	external
https://www.suse.com/security/cve/CVE-2023-42795	external
https://bugzilla.suse.com/1216119	external
https://www.suse.com/security/cve/CVE-2023-44487	external
https://bugzilla.suse.com/1216109	external
https://bugzilla.suse.com/1216123	external
https://bugzilla.suse.com/1216169	external
https://bugzilla.suse.com/1216171	external
https://bugzilla.suse.com/1216174	external
https://bugzilla.suse.com/1216176	external
https://bugzilla.suse.com/1216181	external
https://bugzilla.suse.com/1216182	external
https://bugzilla.suse.com/1216190	external
https://www.suse.com/security/cve/CVE-2023-45468	external
https://bugzilla.suse.com/1220503	external
https://www.suse.com/security/cve/CVE-2023-46589	external
https://bugzilla.suse.com/1217649	external
https://www.suse.com/security/cve/CVE-2024-21733	external
https://bugzilla.suse.com/1219023	external
https://bugzilla.suse.com/1220503	external
https://www.suse.com/security/cve/CVE-2024-23672	external
https://bugzilla.suse.com/1221385	external
https://www.suse.com/security/cve/CVE-2024-24549	external
https://bugzilla.suse.com/1221386	external
https://www.suse.com/security/cve/CVE-2024-34750	external
https://bugzilla.suse.com/1227399	external
https://www.suse.com/security/cve/CVE-2024-38286	external
https://bugzilla.suse.com/1230986	external
https://www.suse.com/security/cve/CVE-2024-50379	external
https://bugzilla.suse.com/1234663	external
https://www.suse.com/security/cve/CVE-2024-52316	external
https://bugzilla.suse.com/1233434	external
https://www.suse.com/security/cve/CVE-2024-54677	external
https://bugzilla.suse.com/1234664	external
https://www.suse.com/security/cve/CVE-2025-24813	external
https://bugzilla.suse.com/1239302	external
https://www.suse.com/security/cve/CVE-2025-31651	external
https://bugzilla.suse.com/1242009	external
https://www.suse.com/security/cve/CVE-2025-46701	external
https://bugzilla.suse.com/1243815	external
https://www.suse.com/security/cve/CVE-2025-48988	external
https://bugzilla.suse.com/1244656	external
https://www.suse.com/security/cve/CVE-2025-48989	external
https://bugzilla.suse.com/1243888	external
https://bugzilla.suse.com/1243895	external
https://www.suse.com/security/cve/CVE-2025-49125	external
https://bugzilla.suse.com/1244649	external
https://www.suse.com/security/cve/CVE-2025-52434	external
https://bugzilla.suse.com/1246389	external
https://www.suse.com/security/cve/CVE-2025-52520	external
https://bugzilla.suse.com/1246388	external
https://www.suse.com/security/cve/CVE-2025-53506	external
https://bugzilla.suse.com/1246318	external
https://www.suse.com/security/cve/CVE-2025-55752	external
https://bugzilla.suse.com/1252753	external
https://www.suse.com/security/cve/CVE-2025-55754	external
https://bugzilla.suse.com/1252905	external
https://www.suse.com/security/cve/CVE-2025-61795	external
https://bugzilla.suse.com/1252756	external
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24733	external
https://bugzilla.suse.com/1258385	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.115:\n\n- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to \u0027MadeYouReset\u0027 DoS attack (bsc#1243895).\n- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash\n  (bsc#1246389).\n- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).\n- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).\n- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).\n- CVE-2023-44487: Rapid reset attack (bsc#1216182).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1058-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1058-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261058-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1058-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1216182",
        "url": "https://bugzilla.suse.com/1216182"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243895",
        "url": "https://bugzilla.suse.com/1243895"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1246318",
        "url": "https://bugzilla.suse.com/1246318"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1246389",
        "url": "https://bugzilla.suse.com/1246389"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258385",
        "url": "https://bugzilla.suse.com/1258385"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259224",
        "url": "https://bugzilla.suse.com/1259224"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-13934 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-13934/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-13935 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-13935/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-13943 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-13943/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-17527 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-17527/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-24122 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-24122/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-25122 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-25122/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-25329 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-25329/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-30640 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-30640/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-33037 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-33037/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41079 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41079/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43980 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43980/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-23181 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-23181/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42252 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42252/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-24998 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-24998/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-28708 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-28708/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-28709 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-28709/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-41080 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-41080/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-42795 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-42795/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-44487 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-44487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-45468 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-45468/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-46589 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-46589/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-21733 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-21733/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-23672 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-23672/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-24549 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-24549/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-34750 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-34750/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-38286 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-38286/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50379 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50379/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-52316 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-52316/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-54677 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-54677/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-24813 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-24813/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-31651 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-31651/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-46701 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-46701/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48988 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48988/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48989 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48989/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-49125 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-49125/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52434 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52434/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-52520 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-52520/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-53506 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-53506/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-55752 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-55752/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-55754 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-55754/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61795 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61795/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24733 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24733/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2026-03-26T09:46:45Z",
      "generator": {
        "date": "2026-03-26T09:46:45Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1058-1",
      "initial_release_date": "2026-03-26T09:46:45Z",
      "revision_history": [
        {
          "date": "2026-03-26T09:46:45Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-admin-webapps-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-docs-webapp-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-embed-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-embed-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-embed-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-javadoc-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-jsvc-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-lib-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-lib-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-9.0.115-3.160.1.noarch",
                "product": {
                  "name": "tomcat-webapps-9.0.115-3.160.1.noarch",
                  "product_id": "tomcat-webapps-9.0.115-3.160.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13934",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-13934"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-13934",
          "url": "https://www.suse.com/security/cve/CVE-2020-13934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174121 for CVE-2020-13934",
          "url": "https://bugzilla.suse.com/1174121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-13934"
    },
    {
      "cve": "CVE-2020-13935",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-13935"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-13935",
          "url": "https://www.suse.com/security/cve/CVE-2020-13935"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174117 for CVE-2020-13935",
          "url": "https://bugzilla.suse.com/1174117"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-13935"
    },
    {
      "cve": "CVE-2020-13943",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-13943"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-13943",
          "url": "https://www.suse.com/security/cve/CVE-2020-13943"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177582 for CVE-2020-13943",
          "url": "https://bugzilla.suse.com/1177582"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-13943"
    },
    {
      "cve": "CVE-2020-17527",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-17527"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-17527",
          "url": "https://www.suse.com/security/cve/CVE-2020-17527"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179602 for CVE-2020-17527",
          "url": "https://bugzilla.suse.com/1179602"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180830 for CVE-2020-17527",
          "url": "https://bugzilla.suse.com/1180830"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-17527"
    },
    {
      "cve": "CVE-2021-24122",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-24122"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-24122",
          "url": "https://www.suse.com/security/cve/CVE-2021-24122"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180947 for CVE-2021-24122",
          "url": "https://bugzilla.suse.com/1180947"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-24122"
    },
    {
      "cve": "CVE-2021-25122",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-25122"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-25122",
          "url": "https://www.suse.com/security/cve/CVE-2021-25122"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182912 for CVE-2021-25122",
          "url": "https://bugzilla.suse.com/1182912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188549 for CVE-2021-25122",
          "url": "https://bugzilla.suse.com/1188549"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-25122"
    },
    {
      "cve": "CVE-2021-25329",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-25329"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-25329",
          "url": "https://www.suse.com/security/cve/CVE-2021-25329"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182909 for CVE-2021-25329",
          "url": "https://bugzilla.suse.com/1182909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200696 for CVE-2021-25329",
          "url": "https://bugzilla.suse.com/1200696"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-25329"
    },
    {
      "cve": "CVE-2021-30640",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-30640"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-30640",
          "url": "https://www.suse.com/security/cve/CVE-2021-30640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188279 for CVE-2021-30640",
          "url": "https://bugzilla.suse.com/1188279"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200696 for CVE-2021-30640",
          "url": "https://bugzilla.suse.com/1200696"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-30640"
    },
    {
      "cve": "CVE-2021-33037",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-33037"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-33037",
          "url": "https://www.suse.com/security/cve/CVE-2021-33037"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188278 for CVE-2021-33037",
          "url": "https://bugzilla.suse.com/1188278"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200696 for CVE-2021-33037",
          "url": "https://bugzilla.suse.com/1200696"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-33037"
    },
    {
      "cve": "CVE-2021-41079",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41079"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41079",
          "url": "https://www.suse.com/security/cve/CVE-2021-41079"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190558 for CVE-2021-41079",
          "url": "https://bugzilla.suse.com/1190558"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41079"
    },
    {
      "cve": "CVE-2021-43980",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43980"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43980",
          "url": "https://www.suse.com/security/cve/CVE-2021-43980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203868 for CVE-2021-43980",
          "url": "https://bugzilla.suse.com/1203868"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-43980"
    },
    {
      "cve": "CVE-2022-23181",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-23181"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-23181",
          "url": "https://www.suse.com/security/cve/CVE-2022-23181"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1195255 for CVE-2022-23181",
          "url": "https://bugzilla.suse.com/1195255"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196395 for CVE-2022-23181",
          "url": "https://bugzilla.suse.com/1196395"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200696 for CVE-2022-23181",
          "url": "https://bugzilla.suse.com/1200696"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-23181"
    },
    {
      "cve": "CVE-2022-42252",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42252"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42252",
          "url": "https://www.suse.com/security/cve/CVE-2022-42252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204918 for CVE-2022-42252",
          "url": "https://bugzilla.suse.com/1204918"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220503 for CVE-2022-42252",
          "url": "https://bugzilla.suse.com/1220503"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-42252"
    },
    {
      "cve": "CVE-2023-24998",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-24998"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n          new configuration option (FileUploadBase#setFileCountMax) is not\n          enabled by default and must be explicitly configured.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-24998",
          "url": "https://www.suse.com/security/cve/CVE-2023-24998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208513 for CVE-2023-24998",
          "url": "https://bugzilla.suse.com/1208513"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210310 for CVE-2023-24998",
          "url": "https://bugzilla.suse.com/1210310"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211608 for CVE-2023-24998",
          "url": "https://bugzilla.suse.com/1211608"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228313 for CVE-2023-24998",
          "url": "https://bugzilla.suse.com/1228313"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-28708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-28708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When using the RemoteIpFilter with requests received from a    reverse proxy via HTTP that include the X-Forwarded-Proto    header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not  include the secure attribute. This could result in the user agent  transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-28708",
          "url": "https://www.suse.com/security/cve/CVE-2023-28708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209622 for CVE-2023-28708",
          "url": "https://bugzilla.suse.com/1209622"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-28709",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-28709"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP       connector settings were used such that the maxParameterCount  could be reached using query string parameters and a request was       submitted that supplied exactly maxParameterCount parameters  in the query string, the limit for uploaded request parts could be  bypassed with the potential for a denial of service to occur.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-28709",
          "url": "https://www.suse.com/security/cve/CVE-2023-28709"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211608 for CVE-2023-28709",
          "url": "https://bugzilla.suse.com/1211608"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228313 for CVE-2023-28709",
          "url": "https://bugzilla.suse.com/1228313"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-28709"
    },
    {
      "cve": "CVE-2023-41080",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-41080"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may  also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-41080",
          "url": "https://www.suse.com/security/cve/CVE-2023-41080"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214666 for CVE-2023-41080",
          "url": "https://bugzilla.suse.com/1214666"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-41080"
    },
    {
      "cve": "CVE-2023-42795",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-42795"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may  also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-42795",
          "url": "https://www.suse.com/security/cve/CVE-2023-42795"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216119 for CVE-2023-42795",
          "url": "https://bugzilla.suse.com/1216119"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-42795"
    },
    {
      "cve": "CVE-2023-44487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-44487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-44487",
          "url": "https://www.suse.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216109 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216109"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216123 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216169 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216169"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216171 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216171"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216174 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216174"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216176 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216176"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216181 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216181"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216182 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216182"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216190 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216190"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45468",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-45468"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-45468",
          "url": "https://www.suse.com/security/cve/CVE-2023-45468"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220503 for CVE-2023-45468",
          "url": "https://bugzilla.suse.com/1220503"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-45468"
    },
    {
      "cve": "CVE-2023-46589",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-46589"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11  onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-46589",
          "url": "https://www.suse.com/security/cve/CVE-2023-46589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1217649 for CVE-2023-46589",
          "url": "https://bugzilla.suse.com/1217649"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-46589"
    },
    {
      "cve": "CVE-2024-21733",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-21733"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.  Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-21733",
          "url": "https://www.suse.com/security/cve/CVE-2024-21733"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219023 for CVE-2024-21733",
          "url": "https://bugzilla.suse.com/1219023"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220503 for CVE-2024-21733",
          "url": "https://bugzilla.suse.com/1220503"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-21733"
    },
    {
      "cve": "CVE-2024-23672",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-23672"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-23672",
          "url": "https://www.suse.com/security/cve/CVE-2024-23672"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221385 for CVE-2024-23672",
          "url": "https://bugzilla.suse.com/1221385"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-23672"
    },
    {
      "cve": "CVE-2024-24549",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-24549"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.  Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-24549",
          "url": "https://www.suse.com/security/cve/CVE-2024-24549"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221386 for CVE-2024-24549",
          "url": "https://bugzilla.suse.com/1221386"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-24549"
    },
    {
      "cve": "CVE-2024-34750",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-34750"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100.  Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-34750",
          "url": "https://www.suse.com/security/cve/CVE-2024-34750"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227399 for CVE-2024-34750",
          "url": "https://bugzilla.suse.com/1227399"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-34750"
    },
    {
      "cve": "CVE-2024-38286",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-38286"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109.  Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-38286",
          "url": "https://www.suse.com/security/cve/CVE-2024-38286"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230986 for CVE-2024-38286",
          "url": "https://bugzilla.suse.com/1230986"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-38286"
    },
    {
      "cve": "CVE-2024-50379",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50379"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50379",
          "url": "https://www.suse.com/security/cve/CVE-2024-50379"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234663 for CVE-2024-50379",
          "url": "https://bugzilla.suse.com/1234663"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-50379"
    },
    {
      "cve": "CVE-2024-52316",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-52316"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)  ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta  Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100.  Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-52316",
          "url": "https://www.suse.com/security/cve/CVE-2024-52316"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233434 for CVE-2024-52316",
          "url": "https://bugzilla.suse.com/1233434"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-52316"
    },
    {
      "cve": "CVE-2024-54677",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-54677"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-54677",
          "url": "https://www.suse.com/security/cve/CVE-2024-54677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234664 for CVE-2024-54677",
          "url": "https://bugzilla.suse.com/1234664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-54677"
    },
    {
      "cve": "CVE-2025-24813",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-24813"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Path Equivalence: \u0027file.Name\u0027 (Internal Dot) leading to  Remote Code Execution and/or Information disclosure  and/or malicious content added to uploaded files via write enabled  Default Servlet  in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nIf all of the following were true, a malicious user was able to view       security sensitive files and/or inject content into those files:\n-  writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- a target URL for security sensitive uploads that was a sub-directory of  a target URL for public uploads\n-  attacker knowledge of the names of security sensitive files being  uploaded\n-  the security sensitive files also being uploaded via partial PUT\n\nIf all of the following were true, a malicious user was able to       perform remote code execution:\n- writes enabled for the default servlet (disabled by default)\n-  support for partial PUT (enabled by default)\n-  application was using Tomcat\u0027s file based session persistence with the  default storage location\n-  application included a library that may be leveraged in a  deserialization attack\n\nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-24813",
          "url": "https://www.suse.com/security/cve/CVE-2025-24813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239302 for CVE-2025-24813",
          "url": "https://bugzilla.suse.com/1239302"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-24813"
    },
    {
      "cve": "CVE-2025-31651",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-31651"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.  For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-31651",
          "url": "https://www.suse.com/security/cve/CVE-2025-31651"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242009 for CVE-2025-31651",
          "url": "https://bugzilla.suse.com/1242009"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-31651"
    },
    {
      "cve": "CVE-2025-46701",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-46701"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Handling of Case Sensitivity vulnerability in Apache Tomcat\u0027s GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-46701",
          "url": "https://www.suse.com/security/cve/CVE-2025-46701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243815 for CVE-2025-46701",
          "url": "https://bugzilla.suse.com/1243815"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-46701"
    },
    {
      "cve": "CVE-2025-48988",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48988"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48988",
          "url": "https://www.suse.com/security/cve/CVE-2025-48988"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244656 for CVE-2025-48988",
          "url": "https://bugzilla.suse.com/1244656"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-48988"
    },
    {
      "cve": "CVE-2025-48989",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48989"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48989",
          "url": "https://www.suse.com/security/cve/CVE-2025-48989"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243888 for CVE-2025-48989",
          "url": "https://bugzilla.suse.com/1243888"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243895 for CVE-2025-48989",
          "url": "https://bugzilla.suse.com/1243895"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-48989"
    },
    {
      "cve": "CVE-2025-49125",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-49125"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.   When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-49125",
          "url": "https://www.suse.com/security/cve/CVE-2025-49125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244649 for CVE-2025-49125",
          "url": "https://bugzilla.suse.com/1244649"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-49125"
    },
    {
      "cve": "CVE-2025-52434",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52434"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52434",
          "url": "https://www.suse.com/security/cve/CVE-2025-52434"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246389 for CVE-2025-52434",
          "url": "https://bugzilla.suse.com/1246389"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-52434"
    },
    {
      "cve": "CVE-2025-52520",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-52520"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-52520",
          "url": "https://www.suse.com/security/cve/CVE-2025-52520"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246388 for CVE-2025-52520",
          "url": "https://bugzilla.suse.com/1246388"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-52520"
    },
    {
      "cve": "CVE-2025-53506",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-53506"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100.  Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-53506",
          "url": "https://www.suse.com/security/cve/CVE-2025-53506"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246318 for CVE-2025-53506",
          "url": "https://bugzilla.suse.com/1246318"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-53506"
    },
    {
      "cve": "CVE-2025-55752",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-55752"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the       rewritten URL was normalized before it was decoded. This introduced the       possibility that, for rewrite rules that rewrite query parameters to the       URL, an attacker could manipulate the request URI to bypass security       constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-55752",
          "url": "https://www.suse.com/security/cve/CVE-2025-55752"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252753 for CVE-2025-55752",
          "url": "https://bugzilla.suse.com/1252753"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-55752"
    },
    {
      "cve": "CVE-2025-55754",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-55754"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-55754",
          "url": "https://www.suse.com/security/cve/CVE-2025-55754"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252905 for CVE-2025-55754",
          "url": "https://bugzilla.suse.com/1252905"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-55754"
    },
    {
      "cve": "CVE-2025-61795",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61795"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61795",
          "url": "https://www.suse.com/security/cve/CVE-2025-61795"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252756 for CVE-2025-61795",
          "url": "https://bugzilla.suse.com/1252756"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-61795"
    },
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24733",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24733"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24733",
          "url": "https://www.suse.com/security/cve/CVE-2026-24733"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258385 for CVE-2026-24733",
          "url": "https://bugzilla.suse.com/1258385"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-26T09:46:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24733"
    }
  ]
}

VAR-202302-1621

Vulnerability from variot - Updated: 2024-07-23 19:44

Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. Summary:

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Relevant releases/architectures:

OpenShift Developer Tools and Services for OCP 4.13 for RHEL 8 - noarch

Description:

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

apache-commons-text: variable interpolation RCE (CVE-2022-42889)
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
Jenkins: Denial of Service attack (CVE-2023-27900)
Jenkins: Denial of Service attack (CVE-2023-27901)
Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)
Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

1856376 - CVE-2020-7692 google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization 2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher 2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks 2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE 2164278 - CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin 2170039 - CVE-2023-25761 jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin 2170041 - CVE-2023-25762 jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin 2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts 2177630 - CVE-2023-27902 Jenkins: Workspace temporary directories accessible through directory browser 2177634 - CVE-2023-27904 Jenkins: Information disclosure through error stack traces related to agents 2177638 - CVE-2023-27900 Jenkins: Denial of Service attack 2177646 - CVE-2023-27901 Jenkins: Denial of Service attack 2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

JIRA issues fixed (https://issues.jboss.org/):

PITEAM-10 - Release 4.13 Jenkins agent image PITEAM-9 - Release 4.13 Jenkins image

Gentoo Linux Security Advisory GLSA 202305-37

                                       https://security.gentoo.org/

Severity: Low Title: Apache Tomcat: Multiple Vulnerabilities Date: May 30, 2023 Bugs: #878911, #889596, #896370, #907387 ID: 202305-37

Synopsis

Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could result in denial of service. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache Tomcat users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.1.8"

References

[ 1 ] CVE-2022-42252 https://nvd.nist.gov/vuln/detail/CVE-2022-42252 [ 2 ] CVE-2022-45143 https://nvd.nist.gov/vuln/detail/CVE-2022-45143 [ 3 ] CVE-2023-24998 https://nvd.nist.gov/vuln/detail/CVE-2023-24998 [ 4 ] CVE-2023-28709 https://nvd.nist.gov/vuln/detail/CVE-2023-28709

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202305-37

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 .

The purpose of this text-only errata is to inform you about the security issues fixed. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Web Server 5.7.4 release and security update Advisory ID: RHSA-2023:4909-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2023:4909 Issue date: 2023-09-04 CVE Names: CVE-2022-24963 CVE-2023-24998 CVE-2023-28708 CVE-2023-28709 ==================================================================== 1. Summary:

An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat JBoss Web Server 5.7 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.7 for RHEL 8 - noarch, x86_64 Red Hat JBoss Web Server 5.7 for RHEL 9 - noarch, x86_64

Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.

Security Fix(es):

apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode 2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts 2180856 - CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure 2210321 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete

Package List:

Red Hat JBoss Web Server 5.7 for RHEL 7 Server:

Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el7jws.src.rpm

noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-java-jdk11-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-java-jdk8-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm

x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el7jws.x86_64.rpm

Red Hat JBoss Web Server 5.7 for RHEL 8:

Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el8jws.src.rpm

noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm

x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el8jws.x86_64.rpm

Red Hat JBoss Web Server 5.7 for RHEL 9:

Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el9jws.src.rpm

noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm

x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el9jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el9jws.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2022-24963 https://access.redhat.com/security/cve/CVE-2023-24998 https://access.redhat.com/security/cve/CVE-2023-28708 https://access.redhat.com/security/cve/CVE-2023-28709 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIcBAEBCAAGBQJk9dawAAoJENzjgjWX9erE1ycQAIwG6w749gWsv0nN3TgCLSn+ Ag1rdPKnc9K0BEer5aj3UZWq0ILQ0U2xkIV/+f03asPHSKehS0xAVAoTOB9eqDgB f7rcxV6tDwkkOgEHlCQZXle5CzMmIIuAmzQoRI855sl3fo7m1s9w/XGfM9TuwANu AAXKNZUc1EOtCzwQPbJ+RqwxXhiZvwaD1cXa/PtNmrmcFeQPjwZUTwWrs5KcDG/P CCIugcTaD8lCFRQFHtF+GXY9A1xzQ4sgGBeSa2+MRLV2e5nVGjby+1ydLIhThdvl 7bD+wtI7WOQkVI1ZrfiVuYU6gmQB1YoaYz3l8bjY+PvxoXANIDWI2y9QzLvjHRdX Q2DraXW6xMw0utFtFe5AiLevPH18VwBsdyUMOk8hpTQsRkw/Is7rIcHstucGJYSI CBVloQ8FbPXPUlTw4eYSr22c3bEyJKTACJIN+badVjzUlu7zewqF7g8BHXJGFIfT pwyfxOUfvAvn0qD8NvwE64yQ1pCIqcq/ffxliJp98cn86VrQ+H6+hwmxWOU1yoxe jyON4uVUE+IcaPPP84SUyGZW+ZgZjrdkBv4OaBsMvQweIPXLk54/dkgDtdOMF6EJ 3AX0KKqoSTFWJ7i64DWturuhAFRTdqkxeItLWM5LMo0FKsZur8efbRRnSHQhNUib PKxvfGMcijaSUTJ0s70k =7k// -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

CVE-2023-24998

Denial of service.

CVE-2023-41080

Open redirect. If the ROOT (default) web application is configured to use
FORM authentication then it is possible that a specially crafted URL could
be used to trigger a redirect to an URL of the attackers choice.

CVE-2023-42795

Information Disclosure. When recycling various internal objects, including
the request and the response, prior to re-use by the next request/response,
an error could cause Tomcat to skip some parts of the recycling process
leading to information leaking from the current request/response to the
next.

CVE-2023-44487

DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)

CVE-2023-45648

Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A
specially crafted, invalid trailer header could cause Tomcat to treat a
single request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.

For the oldstable distribution (bullseye), these problems have been fixed in version 9.0.43-2~deb11u7.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlyBRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRBnhAAk1o0EDLnX1zaS0Xnz9jybhd9XdXat1HwZXvV3XFRGVXu5+r2bKH+KQjU 0GJ6koP3KDt10DrI8DzOq+9Msu0/TbPYAZKDHPjPYfcUqXRmwRrvTXtq5cbR5v3+ JxgJhiqjQYb1DYiDLC5iU+6aryrZg2ma1i81lG5v8N1TDfaCHzbZiMpyeYEABkd7 eKX3tzngoK9UaIgYVBxrjnM9bPRWnRFJRBMu/hs4VS6gxqzAaZT72Tcaf0Vf3t1s Es5IMgrhBC0Q2Amlm3N5z37p0nlhnJdNC3dAHetRCy92g9/KsjB/1BZfYY7rM8wV WwvB5WwQ0T4eRqKmc8yY86sUdfXkhPqz1oFDbnNgxtBjMm2z/of9pNEm+2NCpv9P 3MpCIKsEWiGH8+uleGuFhAHoWeUYjDNJjH1di6+PYZoBaEJ8eiXct/THBt/0nvFR Nh6AFDqi1Hi5/GdPK71eFRDsXOwgSuRg1ZRJtJP1W/dYEiczP89l0CM04PwxEAn2 dbE2ZCUQmIzQdng4OAHt+ze+QDini4HtoRJnQHq4P/QUIEQAE9C0hOIMMnrtpqIY A77Qa1bBVqDgLlhvSmpSrVigmfyXSpmtfc9G0KXcq5IAvr75jZ0PNuIk/VTyklYj e3g3nA1rbB1jlx6cvPqWBFItXW8800mJ0CXHb8EN8jKdB5BnooY= =6KYM -----END PGP SIGNATURE----- .

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6570.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-1621",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "commons fileupload",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.0"
      },
      {
        "model": "commons fileupload",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.5"
      },
      {
        "model": "commons fileupload",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.0"
      },
      {
        "model": "nec advanced analytics platform modeler",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - smart device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "neoface monitor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "job management partner 1/it desktop management 2 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi tuning manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "tomcat",
        "scope": null,
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "nec information assessment system",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "nec \u81ea\u52d5\u5fdc\u7b54",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "websam it process management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "commons fileupload",
        "scope": null,
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/it desktop management - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - operations director",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "esmpro/servermanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "job management partner 1/it desktop management - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "connexive pf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "actsecure \u30dd\u30fc\u30bf\u30eb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.5",
                "versionStartIncluding": "1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:1.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "172574"
      },
      {
        "db": "PACKETSTORM",
        "id": "172140"
      },
      {
        "db": "PACKETSTORM",
        "id": "174475"
      },
      {
        "db": "PACKETSTORM",
        "id": "174474"
      },
      {
        "db": "PACKETSTORM",
        "id": "175549"
      },
      {
        "db": "PACKETSTORM",
        "id": "175724"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2023-24998",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2023-24998",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-24998",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202302-1610",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. \n\n\n\n\nNote that, like all of the file upload limits, the\n          new configuration option (FileUploadBase#setFileCountMax) is not\n          enabled by default and must be explicitly configured. Summary:\n\nAn update for jenkins and jenkins-2-plugins is now available for OpenShift\nDeveloper Tools and Services for OCP 4.13. Relevant releases/architectures:\n\nOpenShift Developer Tools and Services for OCP 4.13 for RHEL 8 - noarch\n\n3. Description:\n\nJenkins is a continuous integration server that monitors executions of\nrepeated jobs, such as building a software project or jobs run by cron. \n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* google-oauth-client: missing PKCE support in accordance with the RFC for\nOAuth 2.0 for Native Apps can lead to improper authorization\n(CVE-2020-7692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script\nSecurity Plugin (CVE-2023-24422)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method\n(CVE-2021-4178)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize\nJsonNode (CVE-2021-46877)\n\n* springframework: Authorization Bypass in RegexRequestMatcher\n(CVE-2022-22978)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts\n(CVE-2023-24998)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\n(CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in\nPipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Denial of Service attack (CVE-2023-27900)\n\n* Jenkins: Denial of Service attack (CVE-2023-27901)\n\n* Jenkins: Workspace temporary directories accessible through directory\nbrowser (CVE-2023-27902)\n\n* Jenkins: Information disclosure through error stack traces related to\nagents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1856376 - CVE-2020-7692 google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization\n2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method\n2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher\n2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks\n2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks\n2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE\n2164278 - CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin\n2170039 - CVE-2023-25761 jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\n2170041 - CVE-2023-25762 jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\n2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts\n2177630 - CVE-2023-27902 Jenkins: Workspace temporary directories accessible through directory browser\n2177634 - CVE-2023-27904 Jenkins: Information disclosure through error stack traces related to agents\n2177638 - CVE-2023-27900 Jenkins: Denial of Service attack\n2177646 - CVE-2023-27901 Jenkins: Denial of Service attack\n2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nPITEAM-10 - Release 4.13 Jenkins agent image\nPITEAM-9 - Release 4.13 Jenkins image\n\n7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202305-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n    Title: Apache Tomcat: Multiple Vulnerabilities\n     Date: May 30, 2023\n     Bugs: #878911, #889596, #896370, #907387\n       ID: 202305-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich could result in denial of service. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache Tomcat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-10.1.8\"\n\nReferences\n=========\n[ 1 ] CVE-2022-42252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42252\n[ 2 ] CVE-2022-45143\n      https://nvd.nist.gov/vuln/detail/CVE-2022-45143\n[ 3 ] CVE-2023-24998\n      https://nvd.nist.gov/vuln/detail/CVE-2023-24998\n[ 4 ] CVE-2023-28709\n      https://nvd.nist.gov/vuln/detail/CVE-2023-28709\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202305-37\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nThe purpose of this text-only errata is to inform you about the security\nissues fixed. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Web Server 5.7.4 release and security update\nAdvisory ID:       RHSA-2023:4909-01\nProduct:           Red Hat JBoss Web Server\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:4909\nIssue date:        2023-09-04\nCVE Names:         CVE-2022-24963 CVE-2023-24998 CVE-2023-28708\n                   CVE-2023-28709\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat\nEnterprise Linux versions 7, 8, and 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 8 - noarch, x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 9 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. \n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for\nRed Hat JBoss Web Server 5.7.3. This release includes bug fixes,\nenhancements and component upgrades, which are documented in the Release\nNotes, linked to in the References section. \n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts\n(CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure\n(CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode\n2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts\n2180856 - CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure\n2210321 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete\n\n6. Package List:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el7jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-java-jdk11-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-java-jdk8-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el7jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el7jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 8:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el8jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el8jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el8jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 9:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el9jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el9jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el9jws.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24963\nhttps://access.redhat.com/security/cve/CVE-2023-24998\nhttps://access.redhat.com/security/cve/CVE-2023-28708\nhttps://access.redhat.com/security/cve/CVE-2023-28709\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCAAGBQJk9dawAAoJENzjgjWX9erE1ycQAIwG6w749gWsv0nN3TgCLSn+\nAg1rdPKnc9K0BEer5aj3UZWq0ILQ0U2xkIV/+f03asPHSKehS0xAVAoTOB9eqDgB\nf7rcxV6tDwkkOgEHlCQZXle5CzMmIIuAmzQoRI855sl3fo7m1s9w/XGfM9TuwANu\nAAXKNZUc1EOtCzwQPbJ+RqwxXhiZvwaD1cXa/PtNmrmcFeQPjwZUTwWrs5KcDG/P\nCCIugcTaD8lCFRQFHtF+GXY9A1xzQ4sgGBeSa2+MRLV2e5nVGjby+1ydLIhThdvl\n7bD+wtI7WOQkVI1ZrfiVuYU6gmQB1YoaYz3l8bjY+PvxoXANIDWI2y9QzLvjHRdX\nQ2DraXW6xMw0utFtFe5AiLevPH18VwBsdyUMOk8hpTQsRkw/Is7rIcHstucGJYSI\nCBVloQ8FbPXPUlTw4eYSr22c3bEyJKTACJIN+badVjzUlu7zewqF7g8BHXJGFIfT\npwyfxOUfvAvn0qD8NvwE64yQ1pCIqcq/ffxliJp98cn86VrQ+H6+hwmxWOU1yoxe\njyON4uVUE+IcaPPP84SUyGZW+ZgZjrdkBv4OaBsMvQweIPXLk54/dkgDtdOMF6EJ\n3AX0KKqoSTFWJ7i64DWturuhAFRTdqkxeItLWM5LMo0FKsZur8efbRRnSHQhNUib\nPKxvfGMcijaSUTJ0s70k\n=7k//\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nCVE-2023-24998\n\n    Denial of service. \n\nCVE-2023-41080\n\n    Open redirect. If the ROOT (default) web application is configured to use\n    FORM authentication then it is possible that a specially crafted URL could\n    be used to trigger a redirect to an URL of the attackers choice. \n\nCVE-2023-42795\n\n    Information Disclosure. When recycling various internal objects, including\n    the request and the response, prior to re-use by the next request/response,\n    an error could cause Tomcat to skip some parts of the recycling process\n    leading to information leaking from the current request/response to the\n    next. \n\nCVE-2023-44487\n\n    DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)\n\nCVE-2023-45648\n\n    Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A\n    specially crafted, invalid trailer header could cause Tomcat to treat a\n    single request as multiple requests leading to the possibility of request\n    smuggling when behind a reverse proxy. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 9.0.43-2~deb11u7. \n\nWe recommend that you upgrade your tomcat9 packages. \n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlyBRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRBnhAAk1o0EDLnX1zaS0Xnz9jybhd9XdXat1HwZXvV3XFRGVXu5+r2bKH+KQjU\n0GJ6koP3KDt10DrI8DzOq+9Msu0/TbPYAZKDHPjPYfcUqXRmwRrvTXtq5cbR5v3+\nJxgJhiqjQYb1DYiDLC5iU+6aryrZg2ma1i81lG5v8N1TDfaCHzbZiMpyeYEABkd7\neKX3tzngoK9UaIgYVBxrjnM9bPRWnRFJRBMu/hs4VS6gxqzAaZT72Tcaf0Vf3t1s\nEs5IMgrhBC0Q2Amlm3N5z37p0nlhnJdNC3dAHetRCy92g9/KsjB/1BZfYY7rM8wV\nWwvB5WwQ0T4eRqKmc8yY86sUdfXkhPqz1oFDbnNgxtBjMm2z/of9pNEm+2NCpv9P\n3MpCIKsEWiGH8+uleGuFhAHoWeUYjDNJjH1di6+PYZoBaEJ8eiXct/THBt/0nvFR\nNh6AFDqi1Hi5/GdPK71eFRDsXOwgSuRg1ZRJtJP1W/dYEiczP89l0CM04PwxEAn2\ndbE2ZCUQmIzQdng4OAHt+ze+QDini4HtoRJnQHq4P/QUIEQAE9C0hOIMMnrtpqIY\nA77Qa1bBVqDgLlhvSmpSrVigmfyXSpmtfc9G0KXcq5IAvr75jZ0PNuIk/VTyklYj\ne3g3nA1rbB1jlx6cvPqWBFItXW8800mJ0CXHb8EN8jKdB5BnooY=\n=6KYM\n-----END PGP SIGNATURE-----\n. \n\nThe following data is constructed from data provided by Red Hat\u0027s json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6570.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-24998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-24998"
      },
      {
        "db": "PACKETSTORM",
        "id": "172574"
      },
      {
        "db": "PACKETSTORM",
        "id": "172624"
      },
      {
        "db": "PACKETSTORM",
        "id": "172140"
      },
      {
        "db": "PACKETSTORM",
        "id": "174475"
      },
      {
        "db": "PACKETSTORM",
        "id": "174474"
      },
      {
        "db": "PACKETSTORM",
        "id": "175070"
      },
      {
        "db": "PACKETSTORM",
        "id": "175549"
      },
      {
        "db": "PACKETSTORM",
        "id": "175724"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-24998",
        "trust": 4.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/05/22/1",
        "trust": 1.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-15",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91253151",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3457",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2030",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3098",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1629",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3839",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2979",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3596",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3113",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3425",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1590",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1527",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1085",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1526",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1468",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1610",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-24998",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172574",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172624",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172140",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174475",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174474",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175070",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175549",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175724",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-24998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "db": "PACKETSTORM",
        "id": "172574"
      },
      {
        "db": "PACKETSTORM",
        "id": "172624"
      },
      {
        "db": "PACKETSTORM",
        "id": "172140"
      },
      {
        "db": "PACKETSTORM",
        "id": "174475"
      },
      {
        "db": "PACKETSTORM",
        "id": "174474"
      },
      {
        "db": "PACKETSTORM",
        "id": "175070"
      },
      {
        "db": "PACKETSTORM",
        "id": "175549"
      },
      {
        "db": "PACKETSTORM",
        "id": "175724"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "id": "VAR-202302-1621",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22708334
  },
  "last_update_date": "2024-07-23T19:44:50.669000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2024-119",
        "trust": 0.8,
        "url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#fixed_in_apache_commons_fileupload_1.5"
      },
      {
        "title": "Apache Commons FileUpload Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=227328"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libcommons-fileupload-java: CVE-2023-24998",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d5c27d5122389b2993bab30e55fe65cf"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2023-24998"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-24998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.0
      },
      {
        "problemtype": "Determination of boundary conditions (CWE-193) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Allocation of resources without limits or throttling (CWE-770) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202305-37"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24998"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24998"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28709"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
      },
      {
        "trust": 1.0,
        "url": "https://www.debian.org/security/2023/dsa-5522"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91253151/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2030"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1590"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1085"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3098"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3457"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1468"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3425"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3596"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3113"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3839"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1629"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-24998/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1526"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2979"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1527"
      },
      {
        "trust": 0.4,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40152"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40151"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-24963"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-28708"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24963"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-28709"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28708"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/770.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46877"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3299"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25761"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-27904"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7692"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27902"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22978"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-27900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-27902"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-27901"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7692"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22978"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40151"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42889"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-25762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-46877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27901"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27900"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45143"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42252"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2100"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-4492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38648"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38398"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40146"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41853"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37533"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40156"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41854"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42004"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41966"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-22602"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37533"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1436"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40146"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38398"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41881"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38752"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42003"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-20860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-39368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2023-q2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41704"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25857"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40150"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42890"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37865"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33681"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-33681"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38751"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-20863"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-20861"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-38752"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28331"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=webserver\u0026version=5.7"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28331"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4909"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-45648"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-41080"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-42795"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/tomcat9"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:6570"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6570.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173874"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189676"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:7065"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7065.json"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-24998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "db": "PACKETSTORM",
        "id": "172574"
      },
      {
        "db": "PACKETSTORM",
        "id": "172624"
      },
      {
        "db": "PACKETSTORM",
        "id": "172140"
      },
      {
        "db": "PACKETSTORM",
        "id": "174475"
      },
      {
        "db": "PACKETSTORM",
        "id": "174474"
      },
      {
        "db": "PACKETSTORM",
        "id": "175070"
      },
      {
        "db": "PACKETSTORM",
        "id": "175549"
      },
      {
        "db": "PACKETSTORM",
        "id": "175724"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2023-24998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "db": "PACKETSTORM",
        "id": "172574"
      },
      {
        "db": "PACKETSTORM",
        "id": "172624"
      },
      {
        "db": "PACKETSTORM",
        "id": "172140"
      },
      {
        "db": "PACKETSTORM",
        "id": "174475"
      },
      {
        "db": "PACKETSTORM",
        "id": "174474"
      },
      {
        "db": "PACKETSTORM",
        "id": "175070"
      },
      {
        "db": "PACKETSTORM",
        "id": "175549"
      },
      {
        "db": "PACKETSTORM",
        "id": "175724"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-24998"
      },
      {
        "date": "2023-02-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "date": "2023-05-25T15:06:23",
        "db": "PACKETSTORM",
        "id": "172574"
      },
      {
        "date": "2023-05-30T16:32:27",
        "db": "PACKETSTORM",
        "id": "172624"
      },
      {
        "date": "2023-05-04T14:33:07",
        "db": "PACKETSTORM",
        "id": "172140"
      },
      {
        "date": "2023-09-04T17:29:56",
        "db": "PACKETSTORM",
        "id": "174475"
      },
      {
        "date": "2023-09-04T17:29:45",
        "db": "PACKETSTORM",
        "id": "174474"
      },
      {
        "date": "2023-10-11T16:46:58",
        "db": "PACKETSTORM",
        "id": "175070"
      },
      {
        "date": "2023-11-13T21:01:39",
        "db": "PACKETSTORM",
        "id": "175549"
      },
      {
        "date": "2023-11-15T14:07:20",
        "db": "PACKETSTORM",
        "id": "175724"
      },
      {
        "date": "2023-02-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      },
      {
        "date": "2023-02-20T16:15:10.423000",
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-24998"
      },
      {
        "date": "2024-05-29T07:11:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      },
      {
        "date": "2023-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      },
      {
        "date": "2024-02-16T19:11:10.163000",
        "db": "NVD",
        "id": "CVE-2023-24998"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache\u00a0Tomcat\u00a0 of \u00a0Apache\u00a0Commons\u00a0FileUpload\u00a0 denial of service ( DoS ) vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001220"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-1610"
      }
    ],
    "trust": 0.6
  }
}

WID-SEC-W-2023-0433

Vulnerability from csaf_certbund - Published: 2023-02-20 23:00 - Updated: 2026-03-26 23:00

Summary

Apache Commons und Apache Tomcat: Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache Commons ist ein Apache-Projekt, das alle Aspekte der wiederverwendbaren Java-Komponenten behandelt. Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons und Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2023-24998

Affected products

Known affected 62 products

Product	Identifier	Version
IBM Security Access Manager for Enterprise Single Sign-On 8.2.1 IBM / Security Access Manager for Enterprise Single Sign-On	`cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1`	8.2.1
IBM Security Verify Access 10.0.0.0-10.0.6.1 IBM / Security Verify Access	`cpe:/a:ibm:security_verify_access:10.0.0.0_-_10.0.6.1`	10.0.0.0-10.0.6.1
IBM Integration Bus IBM	`cpe:/a:ibm:integration_bus:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
IBM Rational Build Forge <8.0.0.24 IBM / Rational Build Forge		<8.0.0.24
IBM WebSphere Application Server 8.5 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:8.5`	8.5
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
IBM WebSphere Application Server 9.0 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:9.0`	9
IBM Tivoli Netcool/OMNIbus <8.1.0 FP30 IBM / Tivoli Netcool/OMNIbus		<8.1.0 FP30
IBM Business Automation Workflow 19.0.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:19.0.0.1`	19.0.0.1
Dell NetWorker <19.9.0.1 Dell / NetWorker		<19.9.0.1
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
IBM Business Automation Workflow 22.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.2`	22.0.2
IBM WebSphere Application Server 17.0.0.3-23.0.0.3 IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:17.0.0.3_-_23.0.0.3`	17.0.0.3-23.0.0.3
IBM Tivoli Netcool/OMNIbus 8.1.0 IBM / Tivoli Netcool/OMNIbus	`cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0`	8.1.0
IBM Tivoli Business Service Manager <6.2.0.5 IBM / Tivoli Business Service Manager		<6.2.0.5
IBM Business Automation Workflow 20.0.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:20.0.0.1`	20.0.0.1
IBM Business Automation Workflow 22.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:22.0.1`	22.0.1
IBM Business Automation Workflow 18.0.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:18.0.0.1`	18.0.0.1
IBM Business Automation Workflow 18.0.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:18.0.0.2`	18.0.0.2
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
IBM Business Automation Workflow 18.0.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:18.0.0.0`	18.0.0.0
IBM Business Automation Workflow 21.0.3 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:21.0.3`	21.0.3
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM QRadar SIEM 7.5 IBM / QRadar SIEM	`cpe:/a:ibm:qradar_siem:7.5`	7.5
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM Business Automation Workflow 20.0.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:20.0.0.2`	20.0.0.2
Apache Tomcat Apache	`cpe:/a:apache:tomcat:-`	—
Red Hat JBoss Web Server <5.7.4 Red Hat / JBoss Web Server		<5.7.4
IBM Business Automation Workflow IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:-`	—
Apache Commons FileUpload <1.5 Apache / Commons		FileUpload <1.5
IBM Rational ClearCase IBM	`cpe:/a:ibm:rational_clearcase:-`	—
IBM Security Identity Manager IBM	`cpe:/a:ibm:security_identity_manager:-`	—
IBM WebSphere Service Registry and Repository 8.5 IBM / WebSphere Service Registry and Repository	`cpe:/a:ibm:websphere_service_registry_and_repository:8.5`	8.5
IBM TXSeries 8.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.1`	8.1
IBM TXSeries 8.2 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_8.2`	8.2
IBM TXSeries 9.1 IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms_9.1`	9.1
IBM Business Automation Workflow 19.0.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:19.0.0.2`	19.0.0.2
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Business Automation Workflow 19.0.0.3 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:19.0.0.3`	19.0.0.3
IBM Operational Decision Manager 8.10 IBM / Operational Decision Manager	`cpe:/a:ibm:operational_decision_manager:8.10`	8.1
Extreme Networks Extreme Management Center Extreme Networks / Extreme Management Center	`cpe:/a:extremenetworks:netsight:-`	—
IBM Rational Asset Manager 7.5.4.15 IBM / Rational Asset Manager	`cpe:/a:ibm:rational_asset_manager:7.5.4.15`	7.5.4.15
IBM Business Automation Workflow 21.0.2 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:21.0.2`	21.0.2
IBM MQ appliance IBM / MQ	`cpe:/a:ibm:mq:appliance`	appliance
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
IBM Business Automation Workflow traditional IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:traditional`	traditional
IBM Business Automation Workflow IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:v22.0.1_traditional`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
IBM Business Automation Workflow 21.0.3.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:21.0.3.1`	21.0.3.1
IBM Rational Change <5.3.2.6 IBM / Rational Change		<5.3.2.6
IBM Tivoli Monitoring 6.3.0.7 IBM / Tivoli Monitoring	`cpe:/a:ibm:tivoli_monitoring:6.3.0.7`	6.3.0.7
IBM MQ IBM / MQ	`cpe:/a:ibm:mq:-`	—
IBM Power Hardware Management Console V10 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:v10`	V10
IBM Spectrum Protect plus 10.1 IBM / Spectrum Protect	`cpe:/a:ibm:spectrum_protect:plus_10.1`	plus 10.1
IBM Operational Decision Manager 8.10.x IBM / Operational Decision Manager	`cpe:/a:ibm:operational_decision_manager:8.10.x`	8.10.x
IBM Operational Decision Manager 8.11.x IBM / Operational Decision Manager	`cpe:/a:ibm:operational_decision_manager:8.11.x`	8.11.x
Extreme Networks Extreme Management Center Extreme Networks / Extreme Management Center	`cpe:/a:extremenetworks:netsight:-`	—
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 IBM / Security Access Manager for Enterprise Single Sign-On	`cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2`	8.2.2
IBM Power Hardware Management Console DS8000 IBM / Power Hardware Management Console	`cpe:/a:ibm:hardware_management_console:ds8000`	DS8000
IBM Operational Decision Manager 8.11 IBM / Operational Decision Manager	`cpe:/a:ibm:operational_decision_manager:8.11`	8.11

References

69 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/advisories/GHSA-hfrx-6qgj-fp6c	external
https://seclists.org/oss-sec/2023/q1/107	external
https://seclists.org/oss-sec/2023/q1/108	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/6964742	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/6982047	external
https://www.ibm.com/support/pages/node/6982881	external
https://www.ibm.com/support/pages/node/6983456	external
https://www.ibm.com/support/pages/node/6983486	external
https://www.ibm.com/support/pages/node/6984945	external
https://www.ibm.com/support/pages/node/6984965	external
https://www.ibm.com/support/pages/node/6985555	external
https://www.ibm.com/support/pages/node/6987131	external
https://www.ibm.com/support/pages/node/6987355	external
https://alas.aws.amazon.com/ALAS-2023-1738.html	external
https://www.ibm.com/support/pages/node/6988523	external
https://www.ibm.com/support/pages/node/6989653	external
https://security.gentoo.org/glsa/202305-37	external
https://www.ibm.com/support/pages/node/6999301	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://my.f5.com/manage/s/article/K000133052	external
https://extreme-networks.my.site.com/ExtrArticleD…	external
https://www.ibm.com/support/pages/node/7001009	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7004187	external
https://www.ibm.com/support/pages/node/7005499	external
https://www.ibm.com/support/pages/node/7005589	external
https://www.ibm.com/support/pages/node/7005851	external
https://www.ibm.com/support/pages/node/7006099	external
https://my.f5.com/manage/s/article/K000135262	external
https://www.ibm.com/support/pages/node/7007743	external
https://www.ibm.com/support/pages/node/7007425	external
https://www.dell.com/support/kbdoc/de-de/00021549…	external
https://www.ibm.com/support/pages/node/7010099	external
https://www.ibm.com/support/pages/node/7006449	external
https://www.hitachi.com/products/it/software/secu…	external
https://alas.aws.amazon.com/ALAS-2023-1779.html	external
https://www.ibm.com/support/pages/node/7014915	external
https://access.redhat.com/errata/RHSA-2023:4910	external
https://access.redhat.com/errata/RHSA-2023:4909	external
https://www.ibm.com/support/pages/node/7027925	external
https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-…	external
https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-…	external
https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-202…	external
https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-202…	external
https://www.debian.org/security/2023/dsa-5522	external
https://lists.debian.org/debian-lts-announce/2023…	external
https://alas.aws.amazon.com/ALAS-2023-1861.html	external
https://www.ibm.com/support/pages/node/7063721	external
https://access.redhat.com/errata/RHSA-2023:6570	external
https://access.redhat.com/errata/RHSA-2023:7065	external
https://extreme-networks.my.site.com/ExtrArticleD…	external
https://www.ibm.com/support/pages/node/7100942	external
https://www.ibm.com/support/pages/node/7105533	external
https://alas.aws.amazon.com/AL2/ALAS-2024-2517.html	external
https://www.ibm.com/support/pages/node/7168816	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://security.netapp.com/advisory/NTAP-20230302-0013	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Commons ist ein Apache-Projekt, das alle Aspekte der wiederverwendbaren Java-Komponenten behandelt.\r\nApache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons und Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0433 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0433.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0433 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0433"
      },
      {
        "category": "external",
        "summary": "Github Advisory Database vom 2023-02-20",
        "url": "https://github.com/advisories/GHSA-hfrx-6qgj-fp6c"
      },
      {
        "category": "external",
        "summary": "Seclists.org vom 2023-02-20",
        "url": "https://seclists.org/oss-sec/2023/q1/107"
      },
      {
        "category": "external",
        "summary": "Seclists.org vom 2023-02-20",
        "url": "https://seclists.org/oss-sec/2023/q1/108"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0696-1 vom 2023-03-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014018.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0695-1 vom 2023-03-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0697-1 vom 2023-03-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014017.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0730-1 vom 2023-03-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014040.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0758-1 vom 2023-03-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014070.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6964742 vom 2023-03-21",
        "url": "https://www.ibm.com/support/pages/node/6964742"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:1769-1 vom 2023-04-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014386.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6982047 vom 2023-04-07",
        "url": "https://www.ibm.com/support/pages/node/6982047"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6982881 vom 2023-04-12",
        "url": "https://www.ibm.com/support/pages/node/6982881"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6983456 vom 2023-04-13",
        "url": "https://www.ibm.com/support/pages/node/6983456"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6983486 vom 2023-04-13",
        "url": "https://www.ibm.com/support/pages/node/6983486"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6984945 vom 2023-04-20",
        "url": "https://www.ibm.com/support/pages/node/6984945"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6984965 vom 2023-04-20",
        "url": "https://www.ibm.com/support/pages/node/6984965"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6985555 vom 2023-04-24",
        "url": "https://www.ibm.com/support/pages/node/6985555"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6987131 vom 2023-04-29",
        "url": "https://www.ibm.com/support/pages/node/6987131"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6987355 vom 2023-04-30",
        "url": "https://www.ibm.com/support/pages/node/6987355"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1738 vom 2023-05-04",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1738.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6988523 vom 2023-05-06",
        "url": "https://www.ibm.com/support/pages/node/6988523"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6989653 vom 2023-05-11",
        "url": "https://www.ibm.com/support/pages/node/6989653"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202305-37 vom 2023-05-30",
        "url": "https://security.gentoo.org/glsa/202305-37"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6999301 vom 2023-05-30",
        "url": "https://www.ibm.com/support/pages/node/6999301"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2319-1 vom 2023-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-May/015019.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2318-1 vom 2023-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-May/015020.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000133052 vom 2023-06-01",
        "url": "https://my.f5.com/manage/s/article/K000133052"
      },
      {
        "category": "external",
        "summary": "Extreme Security Advisory",
        "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000110106"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7001009 vom 2023-06-02",
        "url": "https://www.ibm.com/support/pages/node/7001009"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2390-1 vom 2023-06-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015091.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2504-1 vom 2023-06-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015175.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:2505-1 vom 2023-06-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015174.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7004187 vom 2023-06-15",
        "url": "https://www.ibm.com/support/pages/node/7004187"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7005499 vom 2023-06-20",
        "url": "https://www.ibm.com/support/pages/node/7005499"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7005589 vom 2023-06-21",
        "url": "https://www.ibm.com/support/pages/node/7005589"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7005851 vom 2023-06-21",
        "url": "https://www.ibm.com/support/pages/node/7005851"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7006099 vom 2023-06-23",
        "url": "https://www.ibm.com/support/pages/node/7006099"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000135262 vom 2023-06-29",
        "url": "https://my.f5.com/manage/s/article/K000135262"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7007743 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7007743"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7007425 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7007425"
      },
      {
        "category": "external",
        "summary": "Security Update for Dell Networker",
        "url": "https://www.dell.com/support/kbdoc/de-de/000215494/dsa-2023-172-security-update-for-dell-networker-apache-tomcat"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7010099 vom 2023-07-06",
        "url": "https://www.ibm.com/support/pages/node/7010099"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7006449 vom 2023-07-07",
        "url": "https://www.ibm.com/support/pages/node/7006449"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-127 vom 2023-07-18",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-127/index.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1779 vom 2023-07-20",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1779.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7014915 vom 2023-08-01",
        "url": "https://www.ibm.com/support/pages/node/7014915"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4910 vom 2023-09-04",
        "url": "https://access.redhat.com/errata/RHSA-2023:4910"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:4909 vom 2023-09-04",
        "url": "https://access.redhat.com/errata/RHSA-2023:4909"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7027925 vom 2023-09-08",
        "url": "https://www.ibm.com/support/pages/node/7027925"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASTOMCAT9-2023-008 vom 2023-09-27",
        "url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-008.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASTOMCAT9-2023-001 vom 2023-09-28",
        "url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-001.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASTOMCAT8.5-2023-013 vom 2023-09-27",
        "url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-013.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASTOMCAT8.5-2023-001 vom 2023-09-28",
        "url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-001.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5522 vom 2023-10-11",
        "url": "https://www.debian.org/security/2023/dsa-5522"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3617 vom 2023-10-13",
        "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1861 vom 2023-10-25",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1861.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7063721 vom 2023-10-31",
        "url": "https://www.ibm.com/support/pages/node/7063721"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6570 vom 2023-11-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:6570"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7065 vom 2023-11-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:7065"
      },
      {
        "category": "external",
        "summary": "Extreme Portal Security Advisory",
        "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000110106"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7100942 vom 2023-12-20",
        "url": "https://www.ibm.com/support/pages/node/7100942"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7105533 vom 2024-01-06",
        "url": "https://www.ibm.com/support/pages/node/7105533"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2517 vom 2024-04-18",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2517.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7168816 vom 2024-09-18",
        "url": "https://www.ibm.com/support/pages/node/7168816"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4245 vom 2025-07-22",
        "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20230302-0013 vom 2025-10-29",
        "url": "https://security.netapp.com/advisory/NTAP-20230302-0013"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1058-1 vom 2026-03-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Commons und Apache Tomcat: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2026-03-26T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-27T09:41:03.405+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-0433",
      "initial_release_date": "2023-02-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-14T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-16T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-20T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-04-05T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-04-10T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-04-11T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-04-12T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-04-13T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-04-19T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-04-23T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-05-01T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2023-05-04T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-05-07T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-05-11T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-05-29T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2023-05-30T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von IBM und SUSE aufgenommen"
        },
        {
          "date": "2023-06-01T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2023-06-04T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-05T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-06-13T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-06-14T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-20T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-21T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-22T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-06-28T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von F5 und IBM aufgenommen"
        },
        {
          "date": "2023-07-04T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2023-07-06T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-07-17T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2023-07-18T22:00:00.000+00:00",
          "number": "31",
          "summary": "Produkte erg\u00e4nzt"
        },
        {
          "date": "2023-07-19T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-07-31T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-09-04T22:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-09-10T22:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-09-27T22:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-10-10T22:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-10-15T22:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-10-24T22:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-10-31T23:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-11-07T23:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-14T23:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-29T23:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von ExtremeNetworks aufgenommen"
        },
        {
          "date": "2023-12-20T23:00:00.000+00:00",
          "number": "44",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-07T23:00:00.000+00:00",
          "number": "45",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "46",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-09-17T22:00:00.000+00:00",
          "number": "47",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-07-21T22:00:00.000+00:00",
          "number": "48",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-10-29T23:00:00.000+00:00",
          "number": "49",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2026-03-26T23:00:00.000+00:00",
          "number": "50",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "50"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "FileUpload \u003c1.5",
                "product": {
                  "name": "Apache Commons FileUpload \u003c1.5",
                  "product_id": "T026439"
                }
              },
              {
                "category": "product_version",
                "name": "FileUpload 1.5",
                "product": {
                  "name": "Apache Commons FileUpload 1.5",
                  "product_id": "T026439-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:commons:fileupload__1.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commons"
          },
          {
            "category": "product_name",
            "name": "Apache Tomcat",
            "product": {
              "name": "Apache Tomcat",
              "product_id": "643",
              "product_identification_helper": {
                "cpe": "cpe:/a:apache:tomcat:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.9.0.1",
                "product": {
                  "name": "Dell NetWorker \u003c19.9.0.1",
                  "product_id": "T028404"
                }
              },
              {
                "category": "product_version",
                "name": "19.9.0.1",
                "product": {
                  "name": "Dell NetWorker 19.9.0.1",
                  "product_id": "T028404-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:19.9.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Extreme Networks Extreme Management Center",
                "product": {
                  "name": "Extreme Networks Extreme Management Center",
                  "product_id": "T027943",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:extremenetworks:netsight:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Extreme Networks Extreme Management Center",
                "product": {
                  "name": "Extreme Networks Extreme Management Center",
                  "product_id": "T030183",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:extremenetworks:netsight:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Extreme Management Center"
          }
        ],
        "category": "vendor",
        "name": "Extreme Networks"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Command Suite",
            "product": {
              "name": "Hitachi Command Suite",
              "product_id": "T010951",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:command_suite:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Configuration Manager",
            "product": {
              "name": "Hitachi Configuration Manager",
              "product_id": "T020304",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:configuration_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Ops Center",
            "product": {
              "name": "Hitachi Ops Center",
              "product_id": "T017562",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:ops_center:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "21.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 21.0.2",
                  "product_id": "1055431",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.3",
                "product": {
                  "name": "IBM Business Automation Workflow 21.0.3",
                  "product_id": "1150328",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 22.0.1",
                  "product_id": "1268578",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:22.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "18.0.0.0",
                "product": {
                  "name": "IBM Business Automation Workflow 18.0.0.0",
                  "product_id": "389078",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "18.0.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 18.0.0.1",
                  "product_id": "389079",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "18.0.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 18.0.0.2",
                  "product_id": "428468",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 19.0.0.1",
                  "product_id": "433292",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 19.0.0.2",
                  "product_id": "672243",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.0.0.3",
                "product": {
                  "name": "IBM Business Automation Workflow 19.0.0.3",
                  "product_id": "672244",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "20.0.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 20.0.0.1",
                  "product_id": "867559",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "20.0.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 20.0.0.2",
                  "product_id": "867560",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Business Automation Workflow",
                "product": {
                  "name": "IBM Business Automation Workflow",
                  "product_id": "T019704",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "traditional",
                "product": {
                  "name": "IBM Business Automation Workflow traditional",
                  "product_id": "T024465",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:traditional"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.3.1",
                "product": {
                  "name": "IBM Business Automation Workflow 21.0.3.1",
                  "product_id": "T025512",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.0.2",
                "product": {
                  "name": "IBM Business Automation Workflow 22.0.2",
                  "product_id": "T025770",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Business Automation Workflow",
                "product": {
                  "name": "IBM Business Automation Workflow",
                  "product_id": "T026126",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:v22.0.1_traditional"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          },
          {
            "category": "product_name",
            "name": "IBM Integration Bus",
            "product": {
              "name": "IBM Integration Bus",
              "product_id": "T011169",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:integration_bus:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM MQ",
                "product": {
                  "name": "IBM MQ",
                  "product_id": "T021398",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "appliance",
                "product": {
                  "name": "IBM MQ appliance",
                  "product_id": "T025711",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:appliance"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.1",
                "product": {
                  "name": "IBM Operational Decision Manager 8.10",
                  "product_id": "T013722",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:operational_decision_manager:8.10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.11",
                "product": {
                  "name": "IBM Operational Decision Manager 8.11",
                  "product_id": "T022173",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:operational_decision_manager:8.11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.10.x",
                "product": {
                  "name": "IBM Operational Decision Manager 8.10.x",
                  "product_id": "T027827",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:operational_decision_manager:8.10.x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.11.x",
                "product": {
                  "name": "IBM Operational Decision Manager 8.11.x",
                  "product_id": "T027828",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:operational_decision_manager:8.11.x"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Operational Decision Manager"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "V10",
                "product": {
                  "name": "IBM Power Hardware Management Console V10",
                  "product_id": "T023373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:v10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "DS8000",
                "product": {
                  "name": "IBM Power Hardware Management Console DS8000",
                  "product_id": "T028436",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:hardware_management_console:ds8000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Power Hardware Management Console"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5.4.15",
                "product": {
                  "name": "IBM Rational Asset Manager 7.5.4.15",
                  "product_id": "T037732",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_asset_manager:7.5.4.15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Asset Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0.0.24",
                "product": {
                  "name": "IBM Rational Build Forge \u003c8.0.0.24",
                  "product_id": "T030689"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.24",
                "product": {
                  "name": "IBM Rational Build Forge 8.0.0.24",
                  "product_id": "T030689-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.24"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Build Forge"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.3.2.6",
                "product": {
                  "name": "IBM Rational Change \u003c5.3.2.6",
                  "product_id": "T028986"
                }
              },
              {
                "category": "product_version",
                "name": "5.3.2.6",
                "product": {
                  "name": "IBM Rational Change 5.3.2.6",
                  "product_id": "T028986-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_change:5.3.2.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Change"
          },
          {
            "category": "product_name",
            "name": "IBM Rational ClearCase",
            "product": {
              "name": "IBM Rational ClearCase",
              "product_id": "T004180",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearcase:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.2.1",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
                  "product_id": "T005246",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.2.2",
                "product": {
                  "name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
                  "product_id": "T007073",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Access Manager for Enterprise Single Sign-On"
          },
          {
            "category": "product_name",
            "name": "IBM Security Identity Manager",
            "product": {
              "name": "IBM Security Identity Manager",
              "product_id": "T023840",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:security_identity_manager:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.0.0.0-10.0.6.1",
                "product": {
                  "name": "IBM Security Verify Access 10.0.0.0-10.0.6.1",
                  "product_id": "T031895",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_verify_access:10.0.0.0_-_10.0.6.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Verify Access"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "plus 10.1",
                "product": {
                  "name": "IBM Spectrum Protect plus 10.1",
                  "product_id": "T015895",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spectrum Protect"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.1",
                "product": {
                  "name": "IBM TXSeries 9.1",
                  "product_id": "T015903",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.2",
                "product": {
                  "name": "IBM TXSeries 8.2",
                  "product_id": "T015904",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1",
                "product": {
                  "name": "IBM TXSeries 8.1",
                  "product_id": "T015905",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TXSeries"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.2.0.5",
                "product": {
                  "name": "IBM Tivoli Business Service Manager \u003c6.2.0.5",
                  "product_id": "T027560"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.0.5",
                "product": {
                  "name": "IBM Tivoli Business Service Manager 6.2.0.5",
                  "product_id": "T027560-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Business Service Manager"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.3.0.7",
                "product": {
                  "name": "IBM Tivoli Monitoring 6.3.0.7",
                  "product_id": "342008",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Monitoring"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.1.0 FP30",
                "product": {
                  "name": "IBM Tivoli Netcool/OMNIbus \u003c8.1.0 FP30",
                  "product_id": "T026819"
                }
              },
              {
                "category": "product_version",
                "name": "8.1.0 FP30",
                "product": {
                  "name": "IBM Tivoli Netcool/OMNIbus 8.1.0 FP30",
                  "product_id": "T026819-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0_fp30"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.0",
                "product": {
                  "name": "IBM Tivoli Netcool/OMNIbus 8.1.0",
                  "product_id": "T027235",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Netcool/OMNIbus"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM WebSphere Application Server 8.5",
                  "product_id": "703851",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:8.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "IBM WebSphere Application Server 9.0",
                  "product_id": "703852",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.0.0.3-23.0.0.3",
                "product": {
                  "name": "IBM WebSphere Application Server 17.0.0.3-23.0.0.3",
                  "product_id": "T027113",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:17.0.0.3_-_23.0.0.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM WebSphere Service Registry and Repository 8.5",
                  "product_id": "306235",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Service Registry and Repository"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp ActiveIQ Unified Manager",
            "product": {
              "name": "NetApp ActiveIQ Unified Manager",
              "product_id": "T034125",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.7.4",
                "product": {
                  "name": "Red Hat JBoss Web Server \u003c5.7.4",
                  "product_id": "T029706"
                }
              },
              {
                "category": "product_version",
                "name": "5.7.4",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.7.4",
                  "product_id": "T029706-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JBoss Web Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24998",
      "product_status": {
        "known_affected": [
          "T005246",
          "T031895",
          "T011169",
          "T010951",
          "T030689",
          "703851",
          "T034125",
          "703852",
          "T026819",
          "433292",
          "T028404",
          "398363",
          "T025770",
          "T027113",
          "T027235",
          "T027560",
          "867559",
          "1268578",
          "389079",
          "428468",
          "T012167",
          "389078",
          "1150328",
          "T017562",
          "T022954",
          "2951",
          "T002207",
          "867560",
          "643",
          "T029706",
          "T019704",
          "T026439",
          "T004180",
          "T023840",
          "306235",
          "T015905",
          "T015904",
          "T015903",
          "672243",
          "67646",
          "672244",
          "T013722",
          "T030183",
          "T037732",
          "1055431",
          "T025711",
          "T020304",
          "T024465",
          "T026126",
          "T001663",
          "T025512",
          "T028986",
          "342008",
          "T021398",
          "T023373",
          "T015895",
          "T027827",
          "T027828",
          "T027943",
          "T007073",
          "T028436",
          "T022173"
        ]
      },
      "release_date": "2023-02-20T23:00:00.000+00:00",
      "title": "CVE-2023-24998"
    }
  ]
}

WID-SEC-W-2023-0609

Vulnerability from csaf_certbund - Published: 2023-03-08 23:00 - Updated: 2024-02-11 23:00

Summary

Jenkins: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuführen und Code auszuführen

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2023-27905

In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungenügende Eingabeüberprüfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuführen und Code auszuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

CVE-2023-27904

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

CVE-2023-27903

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

CVE-2023-27902

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

CVE-2023-27901

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

CVE-2023-27900

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

CVE-2023-27899

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

CVE-2023-27898

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

CVE-2023-24998

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift container platform 4.10 Red Hat / OpenShift	`cpe:/a:redhat:openshift:container_platform_4.10`	container platform 4.10

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.jenkins.io/security/advisory/2023-03-08/	external
https://access.redhat.com/errata/RHSA-2023:1655	external
https://access.redhat.com/errata/RHSA-2023:3195	external
https://access.redhat.com/errata/RHSA-2023:3198	external
https://access.redhat.com/errata/RHSA-2023:3299	external
https://access.redhat.com/errata/RHSA-2023:3622	external
https://access.redhat.com/errata/RHSA-2023:3663	external
https://access.redhat.com/errata/RHSA-2024:0775	external
https://access.redhat.com/errata/RHSA-2024:0778	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0609 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0609.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0609 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0609"
      },
      {
        "category": "external",
        "summary": "Jenkins Security Advisory vom 2023-03-08",
        "url": "https://www.jenkins.io/security/advisory/2023-03-08/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1655 vom 2023-04-12",
        "url": "https://access.redhat.com/errata/RHSA-2023:1655"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3195 vom 2023-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:3195"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3198 vom 2023-05-18",
        "url": "https://access.redhat.com/errata/RHSA-2023:3198"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3299 vom 2023-05-24",
        "url": "https://access.redhat.com/errata/RHSA-2023:3299"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15",
        "url": "https://access.redhat.com/errata/RHSA-2023:3622"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:3663 vom 2023-06-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:3663"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0775 vom 2024-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:0775"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:0778"
      }
    ],
    "source_lang": "en-US",
    "title": "Jenkins: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:46:24.013+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0609",
      "initial_release_date": "2023-03-08T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-03-08T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-04-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-05-18T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-05-24T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-15T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-06-19T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-11T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 2.394",
                "product": {
                  "name": "Jenkins Jenkins \u003c 2.394",
                  "product_id": "T026692"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 2.375.4 LTS",
                "product": {
                  "name": "Jenkins Jenkins \u003c 2.375.4 LTS",
                  "product_id": "T026693"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 2.387.1 LTS",
                "product": {
                  "name": "Jenkins Jenkins \u003c 2.387.1 LTS",
                  "product_id": "T026694"
                }
              }
            ],
            "category": "product_name",
            "name": "Jenkins"
          }
        ],
        "category": "vendor",
        "name": "Jenkins"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "container platform 4.10",
                "product": {
                  "name": "Red Hat OpenShift container platform 4.10",
                  "product_id": "T027233",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-27905",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-27905"
    },
    {
      "cve": "CVE-2023-27904",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-27904"
    },
    {
      "cve": "CVE-2023-27903",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-27903"
    },
    {
      "cve": "CVE-2023-27902",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-27902"
    },
    {
      "cve": "CVE-2023-27901",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-27901"
    },
    {
      "cve": "CVE-2023-27900",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-27900"
    },
    {
      "cve": "CVE-2023-27899",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-27899"
    },
    {
      "cve": "CVE-2023-27898",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-27898"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T027233"
        ]
      },
      "release_date": "2023-03-08T23:00:00.000+00:00",
      "title": "CVE-2023-24998"
    }
  ]
}

WID-SEC-W-2023-1005

Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-04-18 22:00

Summary

Oracle REST Data Services: Schwachstelle gefährdet Verfügbarkeit

Severity

Mittel

Notes

Produktbeschreibung: Oracle REST Data Services (ORDS) ermöglicht die Erstellung grundlegender RESTful Web Services unter Verwendung von PL/SQL.

Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Oracle REST Data Services ausnutzen, um die Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2023-24998

In Oracle REST Data Services existiert eine Schwachstelle. Durch Ausnutzung dieser Schwachstelle kann ein entfernter, authentisierter Angreifer die Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstelle ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu dieser Schwachstelle (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert ist hier "HIGH" für "Availability" und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle REST Data Services (ORDS) erm\u00f6glicht die Erstellung grundlegender RESTful Web Services unter Verwendung von PL/SQL.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Oracle REST Data Services ausnutzen, um die Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1005 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1005.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1005 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1005"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle REST Data Services vom 2023-04-18",
        "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixREST"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle REST Data Services: Schwachstelle gef\u00e4hrdet Verf\u00fcgbarkeit",
    "tracking": {
      "current_release_date": "2023-04-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:09.148+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1005",
      "initial_release_date": "2023-04-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle REST Data Services \u003c 23.1.0",
            "product": {
              "name": "Oracle REST Data Services \u003c 23.1.0",
              "product_id": "T027320",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:rest_data_services:23.1.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle REST Data Services existiert eine Schwachstelle. Durch Ausnutzung dieser Schwachstelle kann ein entfernter, authentisierter Angreifer die Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstelle ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu dieser Schwachstelle (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert ist hier \"HIGH\" f\u00fcr \"Availability\" und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    }
  ]
}

WID-SEC-W-2023-1007

Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-04-18 22:00

Summary

Oracle Database Server: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-24998

In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL-HOCH" für die Schadenshöhe.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server 19c Oracle / Database Server	`cpe:/a:oracle:database_server:19c`	—
Oracle Database Server 21c Oracle / Database Server	`cpe:/a:oracle:database_server:21c`	—

CVE-2023-21934

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server 19c Oracle / Database Server	`cpe:/a:oracle:database_server:19c`	—
Oracle Database Server 21c Oracle / Database Server	`cpe:/a:oracle:database_server:21c`	—

CVE-2023-21918

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server 19c Oracle / Database Server	`cpe:/a:oracle:database_server:19c`	—
Oracle Database Server 21c Oracle / Database Server	`cpe:/a:oracle:database_server:21c`	—

CVE-2022-45061

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Database Server 19c Oracle / Database Server	`cpe:/a:oracle:database_server:19c`	—
Oracle Database Server 21c Oracle / Database Server	`cpe:/a:oracle:database_server:21c`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1007 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1007.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1007 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1007"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Database Server vom 2023-04-18",
        "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixDB"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Database Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-04-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:09.596+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1007",
      "initial_release_date": "2023-04-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Database Server 21c",
                "product": {
                  "name": "Oracle Database Server 21c",
                  "product_id": "1120391",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:database_server:21c"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Database Server 19c",
                "product": {
                  "name": "Oracle Database Server 19c",
                  "product_id": "425140",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:database_server:19c"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Database Server"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "425140",
          "1120391"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-21934",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "425140",
          "1120391"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21934"
    },
    {
      "cve": "CVE-2023-21918",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "425140",
          "1120391"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21918"
    },
    {
      "cve": "CVE-2022-45061",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "425140",
          "1120391"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-45061"
    }
  ]
}

WID-SEC-W-2023-1012

Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-04-18 22:00

Summary

Oracle Insurance Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Insurance Applications ist eine Produktfamilie mit Lösungen für die Versicherungsbranche.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Insurance Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-24998

In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

CVE-2022-42003

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

CVE-2022-27404

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

CVE-2022-22965

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

CVE-2021-35043

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

CVE-2020-35168

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

CVE-2020-25649

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

CVE-2020-11987

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

CVE-2019-10086

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Insurance Applications 12.6.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.0.0.0`	—
Oracle Insurance Applications 1.0.1.8 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:1.0.1.8`	—
Oracle Insurance Applications 12.7.0.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.0.0.0`	—
Oracle Insurance Applications 12.7.1.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.7.1.0.0`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Insurance Applications <= 12.6.4.0.0 Oracle / Insurance Applications	`cpe:/a:oracle:insurance_applications:12.6.4.0.0`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Insurance Applications ist eine Produktfamilie mit L\u00f6sungen f\u00fcr die Versicherungsbranche.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Insurance Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1012 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1012.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1012 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1012"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Insurance Applications vom 2023-04-18",
        "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixINSU"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Insurance Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-04-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:12.744+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1012",
      "initial_release_date": "2023-04-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Insurance Applications 12.6.0.0.0",
                "product": {
                  "name": "Oracle Insurance Applications 12.6.0.0.0",
                  "product_id": "T027384",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:insurance_applications:12.6.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Insurance Applications \u003c= 12.6.4.0.0",
                "product": {
                  "name": "Oracle Insurance Applications \u003c= 12.6.4.0.0",
                  "product_id": "T027385",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:insurance_applications:12.6.4.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Insurance Applications 12.7.0.0.0",
                "product": {
                  "name": "Oracle Insurance Applications 12.7.0.0.0",
                  "product_id": "T027386",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:insurance_applications:12.7.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Insurance Applications 12.7.1.0.0",
                "product": {
                  "name": "Oracle Insurance Applications 12.7.1.0.0",
                  "product_id": "T027387",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:insurance_applications:12.7.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Insurance Applications 1.0.1.8",
                "product": {
                  "name": "Oracle Insurance Applications 1.0.1.8",
                  "product_id": "T027388",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:insurance_applications:1.0.1.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Insurance Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-27404",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-27404"
    },
    {
      "cve": "CVE-2022-22965",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-22965"
    },
    {
      "cve": "CVE-2021-35043",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-35043"
    },
    {
      "cve": "CVE-2020-35168",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2020-35168"
    },
    {
      "cve": "CVE-2020-25649",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2020-25649"
    },
    {
      "cve": "CVE-2020-11987",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2020-11987"
    },
    {
      "cve": "CVE-2019-10086",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027384",
          "T027388",
          "T027386",
          "T027387"
        ],
        "last_affected": [
          "T027385"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2019-10086"
    }
  ]
}

WID-SEC-W-2023-1016

Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-12-26 23:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-24998

In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-22899

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21996

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21979

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21964

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21960

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21956

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2023-21931

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-46908

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-45693

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-45685

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-45047

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-43551

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42890

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-42003

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-41966

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-41881

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40304

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40152

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40151

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-40149

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-37434

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-36033

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-34305

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-33980

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-31160

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-29599

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2022-22965

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-37533

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-36374

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-36090

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-34798

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-31684

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2021-22569

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-6950

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-25638

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2020-13954

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2019-20916

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

CVE-2018-14371

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 8.5.6 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.6`	—
Oracle Fusion Middleware 12.2.1.3.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.3.0`	—
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	—
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2023…	external
https://www.dell.com/support/kbdoc/000220669/dsa-2023-=	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1016 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1016.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1016 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1016"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Fusion Middleware vom 2023-04-18",
        "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
        "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-26T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:14.060+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1016",
      "initial_release_date": "2023-04-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-26T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 12.2.1.3.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.3.0",
                  "product_id": "618028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Fusion Middleware 8.5.6",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.6",
                  "product_id": "T024993",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-22899",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-22899"
    },
    {
      "cve": "CVE-2023-21996",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21996"
    },
    {
      "cve": "CVE-2023-21979",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21979"
    },
    {
      "cve": "CVE-2023-21964",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21964"
    },
    {
      "cve": "CVE-2023-21960",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21960"
    },
    {
      "cve": "CVE-2023-21956",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21956"
    },
    {
      "cve": "CVE-2023-21931",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21931"
    },
    {
      "cve": "CVE-2022-46908",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-46908"
    },
    {
      "cve": "CVE-2022-45693",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-45693"
    },
    {
      "cve": "CVE-2022-45685",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-45685"
    },
    {
      "cve": "CVE-2022-45047",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-45047"
    },
    {
      "cve": "CVE-2022-43551",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-42890",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-41966",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-41881",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-40304",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-40151",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-40151"
    },
    {
      "cve": "CVE-2022-40149",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-40149"
    },
    {
      "cve": "CVE-2022-37434",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-36033",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-36033"
    },
    {
      "cve": "CVE-2022-34305",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-34305"
    },
    {
      "cve": "CVE-2022-33980",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-33980"
    },
    {
      "cve": "CVE-2022-31160",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-31160"
    },
    {
      "cve": "CVE-2022-29599",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-29599"
    },
    {
      "cve": "CVE-2022-22965",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-22965"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2021-36374",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-36374"
    },
    {
      "cve": "CVE-2021-36090",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-36090"
    },
    {
      "cve": "CVE-2021-34798",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-34798"
    },
    {
      "cve": "CVE-2021-31684",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-31684"
    },
    {
      "cve": "CVE-2021-22569",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-22569"
    },
    {
      "cve": "CVE-2020-6950",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2020-6950"
    },
    {
      "cve": "CVE-2020-25638",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2020-25638"
    },
    {
      "cve": "CVE-2020-13954",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2020-13954"
    },
    {
      "cve": "CVE-2019-20916",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2019-20916"
    },
    {
      "cve": "CVE-2018-14371",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024993",
          "618028",
          "751674",
          "829576"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2018-14371"
    }
  ]
}

WID-SEC-W-2023-1017

Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-04-18 22:00

Summary

Oracle Financial Services Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-28708

In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-25194

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-24998

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-21915

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-21908

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-21907

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-21906

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-21905

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-21904

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-21903

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2023-21902

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-46908

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-46364

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-43680

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-42890

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-42889

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-42252

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-42003

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-41881

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-40146

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-38752

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-36033

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-34169

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-3171

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-29577

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-25647

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-24839

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-23437

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-22979

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-22978

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-22971

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2022-2048

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2021-43859

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2021-41184

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2021-36090

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2021-29425

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2020-11988

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

CVE-2019-12415

Affected products

Known affected 49 products

Product	Identifier	Version
Oracle Financial Services Applications 8.1.2.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4`	—
Oracle Financial Services Applications 8.1.2.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.3`	—
Oracle Financial Services Applications 22.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2`	—
Oracle Financial Services Applications 2.9.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.1`	—
Oracle Financial Services Applications 8.1.2.4.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.4.1`	—
Oracle Financial Services Applications 2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8`	—
Oracle Financial Services Applications 18.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.2`	—
Oracle Financial Services Applications 3.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2`	—
Oracle Financial Services Applications 4.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0`	—
Oracle Financial Services Applications 3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0`	—
Oracle Financial Services Applications 3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1`	—
Oracle Financial Services Applications 11.10 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.10`	—
Oracle Financial Services Applications 8.1.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.0`	—
Oracle Financial Services Applications 8.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.0`	—
Oracle Financial Services Applications 8.1.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.0`	—
Oracle Financial Services Applications 11.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.8`	—
Oracle Financial Services Applications 8.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1`	—
Oracle Financial Services Applications 8.1.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.1`	—
Oracle Financial Services Applications 11.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.7`	—
Oracle Financial Services Applications 8.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.0`	—
Oracle Financial Services Applications 18.3 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:18.3`	—
Oracle Financial Services Applications 2.7.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.1`	—
Oracle Financial Services Applications 8.1.1.1.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.7`	—
Oracle Financial Services Applications 8.0.7.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.0`	—
Oracle Financial Services Applications 11.11 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.11`	—
Oracle Financial Services Applications 8.0.7.1.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.1.2`	—
Oracle Financial Services Applications 8.0.8.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0.0`	—
Oracle Financial Services Applications 11.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:11.6`	—
Oracle Financial Services Applications 8.1.2.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2.1`	—
Oracle Financial Services Applications 8.0.7.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.3.1`	—
Oracle Financial Services Applications 8.0.8.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1.4`	—
Oracle Financial Services Applications 8.1.0.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.0.1.4`	—
Oracle Financial Services Applications 8.1.1.1.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.1.1`	—
Oracle Financial Services Applications 2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7`	—
Oracle Financial Services Applications 2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9`	—
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	—
Oracle Financial Services Applications 8.0.9.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.9.0`	—
Oracle Financial Services Applications 8.0.8.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.0`	—
Oracle Financial Services Applications 8.1.2.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.2`	—
Oracle Financial Services Applications 8.0.8.3.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.1`	—
Oracle Financial Services Applications 21.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1`	—
Oracle Financial Services Applications 8.1.1.2.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.2.0`	—
Oracle Financial Services Applications 8.0.8.3.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.3.5`	—
Oracle Financial Services Applications 19.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2`	—
Oracle Financial Services Applications 8.0.7.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8.1`	—
Oracle Financial Services Applications 19.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1`	—
Oracle Financial Services Applications 8.0.8.2.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2.1`	—
Oracle Financial Services Applications 22.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1`	—
Oracle Financial Services Applications 8.0.8.2 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.2`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <= 14.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Financial Services ist eine Zusammenstellung  von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1017 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1017.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1017 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1017"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Financial Services Applications vom 2023-04-18",
        "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixIFLX"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-04-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:16.791+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1017",
      "initial_release_date": "2023-04-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 2.7.1",
                "product": {
                  "name": "Oracle Financial Services Applications 2.7.1",
                  "product_id": "T018979",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 11.7",
                "product": {
                  "name": "Oracle Financial Services Applications 11.7",
                  "product_id": "T020695",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:11.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 11.8",
                "product": {
                  "name": "Oracle Financial Services Applications 11.8",
                  "product_id": "T020696",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:11.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 11.10",
                "product": {
                  "name": "Oracle Financial Services Applications 11.10",
                  "product_id": "T020698",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:11.10"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 18.3",
                "product": {
                  "name": "Oracle Financial Services Applications 18.3",
                  "product_id": "T021669",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:18.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 19.1",
                "product": {
                  "name": "Oracle Financial Services Applications 19.1",
                  "product_id": "T021670",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:19.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 19.2",
                "product": {
                  "name": "Oracle Financial Services Applications 19.2",
                  "product_id": "T021671",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:19.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 21.1",
                "product": {
                  "name": "Oracle Financial Services Applications 21.1",
                  "product_id": "T021673",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:21.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.1.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1.0",
                  "product_id": "T022833",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.0",
                  "product_id": "T022834",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.1.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1.1",
                  "product_id": "T022835",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.9.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.9.0",
                  "product_id": "T022840",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.9.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.0",
                  "product_id": "T022841",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.1",
                  "product_id": "T022844",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.0.0",
                  "product_id": "T023923",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.1",
                  "product_id": "T023924",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.7.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.7.0",
                  "product_id": "T023925",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 2.7",
                "product": {
                  "name": "Oracle Financial Services Applications 2.7",
                  "product_id": "T023927",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 2.9",
                "product": {
                  "name": "Oracle Financial Services Applications 2.9",
                  "product_id": "T023928",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.2",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.2",
                  "product_id": "T024988",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.2",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.2",
                  "product_id": "T024990",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.3.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.3.1",
                  "product_id": "T025878",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.3.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications \u003c= 14.7",
                "product": {
                  "name": "Oracle Financial Services Applications \u003c= 14.7",
                  "product_id": "T027348",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 22.1",
                "product": {
                  "name": "Oracle Financial Services Applications 22.1",
                  "product_id": "T027349",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:22.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 22.2",
                "product": {
                  "name": "Oracle Financial Services Applications 22.2",
                  "product_id": "T027350",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:22.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.4",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.4",
                  "product_id": "T027351",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.3",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.3",
                  "product_id": "T027352",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 2.8",
                "product": {
                  "name": "Oracle Financial Services Applications 2.8",
                  "product_id": "T027353",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 18.2",
                "product": {
                  "name": "Oracle Financial Services Applications 18.2",
                  "product_id": "T027354",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:18.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.4.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.4.1",
                  "product_id": "T027358",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 2.9.1",
                "product": {
                  "name": "Oracle Financial Services Applications 2.9.1",
                  "product_id": "T027359",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.9.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 3.0",
                "product": {
                  "name": "Oracle Financial Services Applications 3.0",
                  "product_id": "T027360",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 3.1",
                "product": {
                  "name": "Oracle Financial Services Applications 3.1",
                  "product_id": "T027361",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:3.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 3.2",
                "product": {
                  "name": "Oracle Financial Services Applications 3.2",
                  "product_id": "T027362",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:3.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 4.0",
                "product": {
                  "name": "Oracle Financial Services Applications 4.0",
                  "product_id": "T027363",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.0.0",
                  "product_id": "T027364",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 11.6",
                "product": {
                  "name": "Oracle Financial Services Applications 11.6",
                  "product_id": "T027365",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:11.6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 11.11",
                "product": {
                  "name": "Oracle Financial Services Applications 11.11",
                  "product_id": "T027366",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:11.11"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.7.1.2",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.7.1.2",
                  "product_id": "T027367",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.1.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.1.1.7",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1.1.7",
                  "product_id": "T027368",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.7.8.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.7.8.0",
                  "product_id": "T027369",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.1.1.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1.1.1",
                  "product_id": "T027370",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.1.4",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.1.4",
                  "product_id": "T027371",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.0.1.4",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.0.1.4",
                  "product_id": "T027372",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.0.1.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.2.2.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.2.1",
                  "product_id": "T027373",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.2.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.7.3.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.7.3.1",
                  "product_id": "T027374",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.3.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.7.8.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.7.8.1",
                  "product_id": "T027375",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.8.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.2.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.2.1",
                  "product_id": "T027376",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.2.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.1.1.2.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1.2.0",
                  "product_id": "T027377",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.2.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Financial Services Applications 8.0.8.3.5",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.3.5",
                  "product_id": "T027378",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Financial Services Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28708",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-25194",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-25194"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-21915",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21915"
    },
    {
      "cve": "CVE-2023-21908",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21908"
    },
    {
      "cve": "CVE-2023-21907",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21907"
    },
    {
      "cve": "CVE-2023-21906",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21906"
    },
    {
      "cve": "CVE-2023-21905",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21905"
    },
    {
      "cve": "CVE-2023-21904",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21904"
    },
    {
      "cve": "CVE-2023-21903",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21903"
    },
    {
      "cve": "CVE-2023-21902",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-21902"
    },
    {
      "cve": "CVE-2022-46908",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-46908"
    },
    {
      "cve": "CVE-2022-46364",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-46364"
    },
    {
      "cve": "CVE-2022-43680",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-42890",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42890"
    },
    {
      "cve": "CVE-2022-42889",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42889"
    },
    {
      "cve": "CVE-2022-42252",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42252"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-41881",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-40146",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-40146"
    },
    {
      "cve": "CVE-2022-38752",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-36033",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-36033"
    },
    {
      "cve": "CVE-2022-34169",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-34169"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-29577",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-29577"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2022-24839",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-24839"
    },
    {
      "cve": "CVE-2022-23437",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-23437"
    },
    {
      "cve": "CVE-2022-22979",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-22979"
    },
    {
      "cve": "CVE-2022-22978",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-22978"
    },
    {
      "cve": "CVE-2022-22971",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-22971"
    },
    {
      "cve": "CVE-2022-2048",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-2048"
    },
    {
      "cve": "CVE-2021-43859",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-43859"
    },
    {
      "cve": "CVE-2021-41184",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-41184"
    },
    {
      "cve": "CVE-2021-36090",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-36090"
    },
    {
      "cve": "CVE-2021-29425",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2020-11988",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2020-11988"
    },
    {
      "cve": "CVE-2019-12415",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027351",
          "T027352",
          "T027350",
          "T027359",
          "T027358",
          "T027353",
          "T027354",
          "T027362",
          "T027363",
          "T027360",
          "T027361",
          "T020698",
          "T022833",
          "T022834",
          "T023923",
          "T020696",
          "T022835",
          "T023924",
          "T020695",
          "T023925",
          "T021669",
          "T018979",
          "T027368",
          "T027369",
          "T027366",
          "T027367",
          "T027364",
          "T027365",
          "T027373",
          "T027374",
          "T027371",
          "T027372",
          "T027370",
          "T023927",
          "T023928",
          "T022844",
          "T022840",
          "T022841",
          "T024988",
          "T025878",
          "T021673",
          "T027377",
          "T027378",
          "T021671",
          "T027375",
          "T021670",
          "T027376",
          "T027349",
          "T024990"
        ],
        "last_affected": [
          "T027348"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2019-12415"
    }
  ]
}

WID-SEC-W-2023-1021

Vulnerability from csaf_certbund - Published: 2023-04-18 22:00 - Updated: 2023-06-29 22:00

Summary

Oracle Communications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2023-28708

In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2023-25690

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2023-25613

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2023-25577

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2023-24998

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2023-23931

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2023-23916

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2023-0361

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-47629

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-46364

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-45143

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-45047

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-4415

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-43402

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-43401

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-42898

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-42252

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-42003

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-41966

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-41881

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-40304

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-40151

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-38752

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-37865

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-37434

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-35737

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-3171

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-31692

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-31630

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-31129

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-31123

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-28199

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-25315

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-23491

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-1471

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2022-1292

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2021-46848

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

CVE-2021-37519

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	—
Oracle Communications 12.6.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.0.0.0`	—
Oracle Communications 3.3 Oracle / Communications	`cpe:/a:oracle:communications:3.3`	—
Oracle Communications 7.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:7.0.0.0.0`	—
Oracle Communications 22.3.0 Oracle / Communications	`cpe:/a:oracle:communications:22.3.0`	—
Oracle Communications 9.1 Oracle / Communications	`cpe:/a:oracle:communications:9.1`	—
Oracle Communications 5.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Oracle Communications 4.0 Oracle / Communications	`cpe:/a:oracle:communications:4.0`	—
Oracle Communications 8.6.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.6.0.0`	—
Oracle Communications 12.6.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:12.6.1.0.0`	—
Oracle Communications 8.45 Oracle / Communications	`cpe:/a:oracle:communications:8.45`	—
Oracle Communications 22.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:22.1.0.0.0`	—
Oracle Communications 9.15 Oracle / Communications	`cpe:/a:oracle:communications:9.15`	—
Oracle Communications 9.1.1.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.3.0`	—
Oracle Communications 9.0.1.6.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1.6.0`	—
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	—
Oracle Communications 9.1.1.4.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.4.0`	—

Last affected 2 products

Product	Identifier	Version	Remediation
Oracle Communications <= 22.4.4 Oracle / Communications	`cpe:/a:oracle:communications:22.4.4`	—
Oracle Communications <= 23.1.1 Oracle / Communications	`cpe:/a:oracle:communications:23.1.1`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7008449	external
https://www.oracle.com/security-alerts/cpuapr2023…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1021 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1021.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1021 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1021"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7008449"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Communications vom 2023-04-18",
        "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixCGBU"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-06-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:22.512+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1021",
      "initial_release_date": "2023-04-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "5104",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Communications 9.1",
                "product": {
                  "name": "Oracle Communications 9.1",
                  "product_id": "T019868",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 3.3",
                "product": {
                  "name": "Oracle Communications 3.3",
                  "product_id": "T020687",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:3.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 5.0",
                "product": {
                  "name": "Oracle Communications 5.0",
                  "product_id": "T021645",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 12.6.0.0.0",
                "product": {
                  "name": "Oracle Communications 12.6.0.0.0",
                  "product_id": "T022818",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:12.6.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 7.0.0.0.0",
                "product": {
                  "name": "Oracle Communications 7.0.0.0.0",
                  "product_id": "T022823",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 8.6.0.0",
                "product": {
                  "name": "Oracle Communications 8.6.0.0",
                  "product_id": "T024970",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:8.6.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 22.3.0",
                "product": {
                  "name": "Oracle Communications 22.3.0",
                  "product_id": "T024974",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:22.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 22.1.0.0.0",
                "product": {
                  "name": "Oracle Communications 22.1.0.0.0",
                  "product_id": "T025863",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:22.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 22.4.4",
                "product": {
                  "name": "Oracle Communications \u003c= 22.4.4",
                  "product_id": "T027328",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:22.4.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications \u003c= 23.1.1",
                "product": {
                  "name": "Oracle Communications \u003c= 23.1.1",
                  "product_id": "T027329",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:23.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.0.0",
                "product": {
                  "name": "Oracle Communications 9.0.0",
                  "product_id": "T027330",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.0.1",
                "product": {
                  "name": "Oracle Communications 9.0.1",
                  "product_id": "T027331",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.1.1.4.0",
                "product": {
                  "name": "Oracle Communications 9.1.1.4.0",
                  "product_id": "T027332",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.1.4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.1.1.3.0",
                "product": {
                  "name": "Oracle Communications 9.1.1.3.0",
                  "product_id": "T027333",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.1.3.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.0.1.6.0",
                "product": {
                  "name": "Oracle Communications 9.0.1.6.0",
                  "product_id": "T027334",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.1.6.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 8.45",
                "product": {
                  "name": "Oracle Communications 8.45",
                  "product_id": "T027335",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:8.45"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 9.15",
                "product": {
                  "name": "Oracle Communications 9.15",
                  "product_id": "T027336",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 4.0",
                "product": {
                  "name": "Oracle Communications 4.0",
                  "product_id": "T027337",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications 12.6.1.0.0",
                "product": {
                  "name": "Oracle Communications 12.6.1.0.0",
                  "product_id": "T027338",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:12.6.1.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28708",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-25690",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-25690"
    },
    {
      "cve": "CVE-2023-25613",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-25613"
    },
    {
      "cve": "CVE-2023-25577",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-25577"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-23931",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-23931"
    },
    {
      "cve": "CVE-2023-23916",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-0361",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2023-0361"
    },
    {
      "cve": "CVE-2022-47629",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-47629"
    },
    {
      "cve": "CVE-2022-46364",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-46364"
    },
    {
      "cve": "CVE-2022-45143",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-45143"
    },
    {
      "cve": "CVE-2022-45047",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-45047"
    },
    {
      "cve": "CVE-2022-4415",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-4415"
    },
    {
      "cve": "CVE-2022-43402",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-43402"
    },
    {
      "cve": "CVE-2022-43401",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-43401"
    },
    {
      "cve": "CVE-2022-42898",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42898"
    },
    {
      "cve": "CVE-2022-42252",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42252"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-41966",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-41881",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-40304",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-40151",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-40151"
    },
    {
      "cve": "CVE-2022-38752",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-37865",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-37865"
    },
    {
      "cve": "CVE-2022-37434",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-35737",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-31692",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-31692"
    },
    {
      "cve": "CVE-2022-31630",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-31630"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-31123",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-31123"
    },
    {
      "cve": "CVE-2022-28199",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-28199"
    },
    {
      "cve": "CVE-2022-25315",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-25315"
    },
    {
      "cve": "CVE-2022-23491",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2022-1471",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-1292",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2022-1292"
    },
    {
      "cve": "CVE-2021-46848",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-46848"
    },
    {
      "cve": "CVE-2021-37519",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027330",
          "T022818",
          "T020687",
          "T022823",
          "T024974",
          "T019868",
          "T021645",
          "5104",
          "T027337",
          "T024970",
          "T027338",
          "T027335",
          "T025863",
          "T027336",
          "T027333",
          "T027334",
          "T027331",
          "T027332"
        ],
        "last_affected": [
          "T027328",
          "T027329"
        ]
      },
      "release_date": "2023-04-18T22:00:00.000+00:00",
      "title": "CVE-2021-37519"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-24998 (GCVE-0-2023-24998)

Synopsis

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature