Vulnerability-Lookup

CVE-2023-25194 (GCVE-0-2023-25194)

Vulnerability from cvelistv5 – Published: 2023-02-07 19:11 – Updated: 2025-03-25 14:12

Title

Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

Summary

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka Connect 3.4.0. We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

apache

References

3 references

URL	Tags
https://kafka.apache.org/cve-list	release-notes
https://lists.apache.org/thread/vy1c7fqcdqvq5grcq…	vendor-advisory
http://packetstormsecurity.com/files/173151/Apach…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Kafka Connect API	Affected: 2.3.0 , < 3.4.0 (semver)

Credits

Apache Kafka would like to thank to Jari Jääskelä (https://hackerone.com/reports/1529790) and 4ra1n and Y4tacker (they found vulnerabilities in other Apache projects. After discussion between PMC of the two projects, it was finally confirmed that it was the vulnerability of Kafka then they reported it to us)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:18:35.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://kafka.apache.org/cve-list"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-25194",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-25T14:12:44.371635Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T14:12:50.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Kafka Connect API",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.4.0",
              "status": "affected",
              "version": "2.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Apache Kafka would like to thank to Jari J\u00e4\u00e4skel\u00e4 (https://hackerone.com/reports/1529790) and 4ra1n and Y4tacker (they found vulnerabilities in other Apache projects. After discussion between PMC of the two projects, it was finally confirmed that it was the vulnerability of Kafka then they reported it to us)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A possible security vulnerability has been identified in Apache Kafka Connect API.\u003cbr\u003eThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\u003cbr\u003eand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\u003cbr\u003eWhen configuring the connector via the Kafka Connect REST API, an\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated operator\u003c/span\u003e\u0026nbsp;can set the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e`sasl.jaas.config`\u003cbr\u003e\u003c/span\u003eproperty for any of the connector\u0027s Kafka clients\u0026nbsp;to \"com.sun.security.auth.module.JndiLoginModule\", which can be done via the\u003cbr\u003e`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\u003cbr\u003eThis will allow the server to connect to the attacker\u0027s LDAP server\u003cbr\u003eand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\u003cbr\u003eAttacker can cause \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eunrestricted deserialization of untrusted data (or)\u0026nbsp;\u003c/span\u003eRCE vulnerability when there are gadgets in the classpath.\u003cbr\u003e\u003cbr\u003eSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\u003cbr\u003econfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\u003cbr\u003eclient override policy that permits them.\u003cbr\u003e\u003cbr\u003eSince Apache Kafka 3.4.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage\u003cbr\u003ein SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule\" is disabled in Apache Kafka Connect 3.4.0. \u003cbr\u003e\u003cbr\u003eWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \u003cbr\u003evulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein addition to leveraging the \"org.apache.kafka.disallowed.login.modules\" system property, Kafka Connect users can also implement their own connector\u003cbr\u003eclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A possible security vulnerability has been identified in Apache Kafka Connect API.\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\nWhen configuring the connector via the Kafka Connect REST API, an\u00a0authenticated operator\u00a0can set the `sasl.jaas.config`\nproperty for any of the connector\u0027s Kafka clients\u00a0to \"com.sun.security.auth.module.JndiLoginModule\", which can be done via the\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\nThis will allow the server to connect to the attacker\u0027s LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or)\u00a0RCE vulnerability when there are gadgets in the classpath.\n\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\nclient override policy that permits them.\n\nSince Apache Kafka 3.4.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage\nin SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule\" is disabled in Apache Kafka Connect 3.4.0. \n\nWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\nin addition to leveraging the \"org.apache.kafka.disallowed.login.modules\" system property, Kafka Connect users can also implement their own connector\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-21T11:35:25.117Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://kafka.apache.org/cve-list"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz"
        },
        {
          "url": "http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-25194",
    "datePublished": "2023-02-07T19:11:22.260Z",
    "dateReserved": "2023-02-05T16:20:53.202Z",
    "dateUpdated": "2025-03-25T14:12:50.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-25194",
      "date": "2026-06-25",
      "epss": "0.95302",
      "percentile": "0.99855"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:kafka_connect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndIncluding\": \"3.3.2\", \"matchCriteriaId\": \"D01E6EF4-36BF-49EF-B1DC-6DABE82EEBDC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A possible security vulnerability has been identified in Apache Kafka Connect API.\\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\\nWhen configuring the connector via the Kafka Connect REST API, an\\u00a0authenticated operator\\u00a0can set the `sasl.jaas.config`\\nproperty for any of the connector\u0027s Kafka clients\\u00a0to \\\"com.sun.security.auth.module.JndiLoginModule\\\", which can be done via the\\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\\nThis will allow the server to connect to the attacker\u0027s LDAP server\\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\\nAttacker can cause unrestricted deserialization of untrusted data (or)\\u00a0RCE vulnerability when there are gadgets in the classpath.\\n\\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\\nclient override policy that permits them.\\n\\nSince Apache Kafka 3.4.0, we have added a system property (\\\"-Dorg.apache.kafka.disallowed.login.modules\\\") to disable the problematic login modules usage\\nin SASL JAAS configuration. Also by default \\\"com.sun.security.auth.module.JndiLoginModule\\\" is disabled in Apache Kafka Connect 3.4.0. \\n\\nWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \\nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\\nin addition to leveraging the \\\"org.apache.kafka.disallowed.login.modules\\\" system property, Kafka Connect users can also implement their own connector\\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\\n\"}]",
      "id": "CVE-2023-25194",
      "lastModified": "2024-11-21T07:49:17.500",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-02-07T20:15:09.017",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kafka.apache.org/cve-list\", \"source\": \"security@apache.org\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kafka.apache.org/cve-list\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Mitigation\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-25194\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-02-07T20:15:09.017\",\"lastModified\":\"2026-06-17T05:40:53.747\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A possible security vulnerability has been identified in Apache Kafka Connect API.\\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\\nWhen configuring the connector via the Kafka Connect REST API, an\u00a0authenticated operator\u00a0can set the `sasl.jaas.config`\\nproperty for any of the connector\u0027s Kafka clients\u00a0to \\\"com.sun.security.auth.module.JndiLoginModule\\\", which can be done via the\\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\\nThis will allow the server to connect to the attacker\u0027s LDAP server\\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\\nAttacker can cause unrestricted deserialization of untrusted data (or)\u00a0RCE vulnerability when there are gadgets in the classpath.\\n\\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\\nclient override policy that permits them.\\n\\nSince Apache Kafka 3.4.0, we have added a system property (\\\"-Dorg.apache.kafka.disallowed.login.modules\\\") to disable the problematic login modules usage\\nin SASL JAAS configuration. Also by default \\\"com.sun.security.auth.module.JndiLoginModule\\\" is disabled in Apache Kafka Connect 3.4.0. \\n\\nWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \\nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\\nin addition to leveraging the \\\"org.apache.kafka.disallowed.login.modules\\\" system property, Kafka Connect users can also implement their own connector\\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\\n\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Kafka Connect API\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"2.3.0\",\"lessThan\":\"3.4.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-03-25T14:12:44.371635Z\",\"id\":\"CVE-2023-25194\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:kafka_connect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndIncluding\":\"3.3.2\",\"matchCriteriaId\":\"D01E6EF4-36BF-49EF-B1DC-6DABE82EEBDC\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kafka.apache.org/cve-list\",\"source\":\"security@apache.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kafka.apache.org/cve-list\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://kafka.apache.org/cve-list\", \"tags\": [\"release-notes\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:18:35.675Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-25194\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-25T14:12:44.371635Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-25T14:12:24.449Z\"}}], \"cna\": {\"title\": \"Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect \", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Apache Kafka would like to thank to Jari J\\u00e4\\u00e4skel\\u00e4 (https://hackerone.com/reports/1529790) and 4ra1n and Y4tacker (they found vulnerabilities in other Apache projects. After discussion between PMC of the two projects, it was finally confirmed that it was the vulnerability of Kafka then they reported it to us)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Kafka Connect API\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3.0\", \"lessThan\": \"3.4.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://kafka.apache.org/cve-list\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A possible security vulnerability has been identified in Apache Kafka Connect API.\\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\\nWhen configuring the connector via the Kafka Connect REST API, an\\u00a0authenticated operator\\u00a0can set the `sasl.jaas.config`\\nproperty for any of the connector\u0027s Kafka clients\\u00a0to \\\"com.sun.security.auth.module.JndiLoginModule\\\", which can be done via the\\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\\nThis will allow the server to connect to the attacker\u0027s LDAP server\\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\\nAttacker can cause unrestricted deserialization of untrusted data (or)\\u00a0RCE vulnerability when there are gadgets in the classpath.\\n\\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\\nclient override policy that permits them.\\n\\nSince Apache Kafka 3.4.0, we have added a system property (\\\"-Dorg.apache.kafka.disallowed.login.modules\\\") to disable the problematic login modules usage\\nin SASL JAAS configuration. Also by default \\\"com.sun.security.auth.module.JndiLoginModule\\\" is disabled in Apache Kafka Connect 3.4.0. \\n\\nWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \\nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\\nin addition to leveraging the \\\"org.apache.kafka.disallowed.login.modules\\\" system property, Kafka Connect users can also implement their own connector\\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A possible security vulnerability has been identified in Apache Kafka Connect API.\u003cbr\u003eThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\u003cbr\u003eand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\u003cbr\u003eWhen configuring the connector via the Kafka Connect REST API, an\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eauthenticated operator\u003c/span\u003e\u0026nbsp;can set the \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e`sasl.jaas.config`\u003cbr\u003e\u003c/span\u003eproperty for any of the connector\u0027s Kafka clients\u0026nbsp;to \\\"com.sun.security.auth.module.JndiLoginModule\\\", which can be done via the\u003cbr\u003e`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\u003cbr\u003eThis will allow the server to connect to the attacker\u0027s LDAP server\u003cbr\u003eand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\u003cbr\u003eAttacker can cause \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eunrestricted deserialization of untrusted data (or)\u0026nbsp;\u003c/span\u003eRCE vulnerability when there are gadgets in the classpath.\u003cbr\u003e\u003cbr\u003eSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\u003cbr\u003econfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\u003cbr\u003eclient override policy that permits them.\u003cbr\u003e\u003cbr\u003eSince Apache Kafka 3.4.0, we have added a system property (\\\"-Dorg.apache.kafka.disallowed.login.modules\\\") to disable the problematic login modules usage\u003cbr\u003ein SASL JAAS configuration. Also by default \\\"com.sun.security.auth.module.JndiLoginModule\\\" is disabled in Apache Kafka Connect 3.4.0. \u003cbr\u003e\u003cbr\u003eWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \u003cbr\u003evulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ein addition to leveraging the \\\"org.apache.kafka.disallowed.login.modules\\\" system property, Kafka Connect users can also implement their own connector\u003cbr\u003eclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-07-21T11:35:25.117Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-25194\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-25T14:12:50.930Z\", \"dateReserved\": \"2023-02-05T16:20:53.202Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-02-07T19:11:22.260Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2023-2700

Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-12-12 23:00

Summary

Atlassian Confluence: Mehrere Schwachstellen

Severity

Kritisch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Confluence ist eine kommerzielle Wiki-Software. Jira ist eine Webanwendung zur Softwareentwicklung. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-28709

In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen. Für die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-25194

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-22515

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-22514

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2023-1370

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-45688

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-45685

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-42004

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-42003

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-41906

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-40152

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-3509

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-3171

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2022-25647

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-46877

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-31684

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2021-22569

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2020-36518

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2020-13936

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

CVE-2019-13990

Affected products

Known affected 17 products

Product	Identifier	Version
Atlassian Bamboo < 9.3.5 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.3.5`	—
Atlassian Confluence < 8.4.5 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.4.5`	—
Atlassian Confluence < 8.6.2 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.6.2`	—
Atlassian Bitbucket < 7.21.18 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:7.21.18`	—
Atlassian Confluence < 8.5.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.5.4`	—
Atlassian Bitbucket < 8.9.7 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.9.7`	—
Atlassian Confluence < 8.7.1 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.7.1`	—
Atlassian Bamboo < 9.2.7 Atlassian / Bamboo	`cpe:/a:atlassian:bamboo:9.2.7`	—
Atlassian Confluence < 8.3.4 Atlassian / Confluence	`cpe:/a:atlassian:confluence:8.3.4`	—
Atlassian Bitbucket < 8.12.4 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.12.4`	—
Atlassian Bitbucket < 8.11.6 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.11.6`	—
Atlassian Jira Software Service Management < 4.20.28 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__4.20.28`	—
Atlassian Bitbucket < 8.14.2 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.14.2`	—
Atlassian Jira Software < 9.4.13 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:9.4.13`	—
Atlassian Bitbucket < 8.13.3 Atlassian / Bitbucket	`cpe:/a:atlassian:bitbucket:8.13.3`	—
Atlassian Confluence < 7.19.17 Atlassian / Confluence	`cpe:/a:atlassian:confluence:7.19.17`	—
Atlassian Jira Software Service Management < 5.4.12 Atlassian / Jira Software	`cpe:/a:atlassian:jira_software:service_management__5.4.12`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Confluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nBamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2700 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2700.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2700 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2700"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Update vom 2023-10-17",
        "url": "https://confluence.atlassian.com/security/security-bulletin-october-17-2023-1299929380.html"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12",
        "url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Confluence: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:00:13.228+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2700",
      "initial_release_date": "2023-10-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.2.7",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.2.7",
                  "product_id": "1529586",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.2.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.2.5 Data Center and Server",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.2.5 Data Center and Server",
                  "product_id": "T030667",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.2.5_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.3.1 Data Center and Server",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.3.1 Data Center and Server",
                  "product_id": "T030668",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.1_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.3.3 Data Center and Server",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.3.3 Data Center and Server",
                  "product_id": "T030669",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.3_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bamboo \u003c 9.3.5",
                "product": {
                  "name": "Atlassian Bamboo \u003c 9.3.5",
                  "product_id": "T031324",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.13.1 Data Center and Server",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.13.1 Data Center and Server",
                  "product_id": "T030666",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.13.1_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 7.21.18",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 7.21.18",
                  "product_id": "T031325",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:7.21.18"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.9.7",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.9.7",
                  "product_id": "T031614",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.9.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.11.6",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.11.6",
                  "product_id": "T031615",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.11.6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.12.4",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.12.4",
                  "product_id": "T031616",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.12.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.13.3",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.13.3",
                  "product_id": "T031617",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.13.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Bitbucket \u003c 8.14.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c 8.14.2",
                  "product_id": "T031618",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.14.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.3.3 Server and Data Center",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.3.3 Server and Data Center",
                  "product_id": "T030660",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.3.3_server_and_data_center"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.5.2 Server and Data Center",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.5.2 Server and Data Center",
                  "product_id": "T030662",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.2_server_and_data_center"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.4.3 Server and Data Center",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.4.3 Server and Data Center",
                  "product_id": "T030663",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.4.3_server_and_data_center"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.3.4",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.3.4",
                  "product_id": "T030846",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.3.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 7.19.17",
                "product": {
                  "name": "Atlassian Confluence \u003c 7.19.17",
                  "product_id": "T031609",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:7.19.17"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.4.5",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.4.5",
                  "product_id": "T031610",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.4.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.5.4",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.5.4",
                  "product_id": "T031611",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.6.2",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.6.2",
                  "product_id": "T031612",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Confluence \u003c 8.7.1",
                "product": {
                  "name": "Atlassian Confluence \u003c 8.7.1",
                  "product_id": "T031613",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Atlassian Jira Software \u003c 4.20.27 Service Management Data Center and Server",
                "product": {
                  "name": "Atlassian Jira Software \u003c 4.20.27 Service Management Data Center and Server",
                  "product_id": "T030664",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:4.20.27_service_management_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software \u003c 5.4.11 Service Management Data Center and Server",
                "product": {
                  "name": "Atlassian Jira Software \u003c 5.4.11 Service Management Data Center and Server",
                  "product_id": "T030665",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:5.4.11_service_management_data_center_and_server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software \u003c 9.4.13",
                "product": {
                  "name": "Atlassian Jira Software \u003c 9.4.13",
                  "product_id": "T031606",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:9.4.13"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software Service Management \u003c 4.20.28",
                "product": {
                  "name": "Atlassian Jira Software Service Management \u003c 4.20.28",
                  "product_id": "T031607",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Atlassian Jira Software Service Management \u003c 5.4.12",
                "product": {
                  "name": "Atlassian Jira Software Service Management \u003c 5.4.12",
                  "product_id": "T031608",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira Software"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28709",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-28709"
    },
    {
      "cve": "CVE-2023-25194",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-25194"
    },
    {
      "cve": "CVE-2023-22515",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22515"
    },
    {
      "cve": "CVE-2023-22514",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-22514"
    },
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2022-45685",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-45685"
    },
    {
      "cve": "CVE-2022-42004",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-41906",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-41906"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-3509",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2021-46877",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-46877"
    },
    {
      "cve": "CVE-2021-31684",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-31684"
    },
    {
      "cve": "CVE-2021-22569",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2021-22569"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2020-13936",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2020-13936"
    },
    {
      "cve": "CVE-2019-13990",
      "notes": [
        {
          "category": "description",
          "text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "T031325",
          "T031611",
          "T031614",
          "T031613",
          "1529586",
          "T030846",
          "T031616",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031608"
        ]
      },
      "release_date": "2023-10-17T22:00:00.000+00:00",
      "title": "CVE-2019-13990"
    }
  ]
}

WID-SEC-W-2024-0107

Vulnerability from csaf_certbund - Published: 2024-01-16 23:00 - Updated: 2024-01-16 23:00

Summary

Oracle Communications Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-5072

In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-45648

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-44981

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-44487

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-44483

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-42794

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-42503

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-37536

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-34981

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-34034

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-33201

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-31122

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-2976

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-28823

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-25194

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2023-20883

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2022-45868

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2022-42920

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2022-36944

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2022-31160

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2022-31147

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2022-1471

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2021-4104

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

CVE-2021-37533

Affected products

Known affected 15 products

Product	Identifier	Version
Oracle Communications Applications 3.0.3.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.2`	—
Oracle Communications Applications 6.3.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1.0.0`	—
Oracle Communications Applications 3.0.3.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3`	—
Oracle Communications Applications 8.1.0.24.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.24.0`	—
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	—
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	—
Oracle Communications Applications 7.4 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4`	—
Oracle Communications Applications 7.4.2 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2`	—
Oracle Communications Applications 6.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.1.0.0`	—
Oracle Communications Applications 7.4.1.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1.5.0`	—
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	—
Oracle Communications Applications 7.4.2.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.2.8.0`	—
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	—
Oracle Communications Applications 7.4.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0.7.0`	—
Oracle Communications Applications 10.0.1.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:10.0.1.7.0`	—

Last affected 6 products

Product	Identifier	Version
Oracle Communications Applications <= 12.0.0.8 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8`	—
Oracle Communications Applications <= 12.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.8.0`	—
Oracle Communications Applications <= 12.0.0.7 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.0.7`	—
Oracle Communications Applications <= 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	—
Oracle Communications Applications <= 6.0.3 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.3`	—
Oracle Communications Applications <= 5.5.19 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:5.5.19`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujan2024…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0107 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0107.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0107 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0107"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Communications Applications vom 2024-01-16",
        "url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixCAGBU"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:44.309+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0107",
      "initial_release_date": "2024-01-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4.0",
                "product": {
                  "name": "Oracle Communications Applications 7.4.0",
                  "product_id": "T018938",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4.1",
                "product": {
                  "name": "Oracle Communications Applications 7.4.1",
                  "product_id": "T018939",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4.2",
                "product": {
                  "name": "Oracle Communications Applications 7.4.2",
                  "product_id": "T018940",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 6.0.1.0.0",
                "product": {
                  "name": "Oracle Communications Applications 6.0.1.0.0",
                  "product_id": "T021634",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.0.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.5.0",
                "product": {
                  "name": "Oracle Communications Applications 7.5.0",
                  "product_id": "T021639",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4",
                "product": {
                  "name": "Oracle Communications Applications 7.4",
                  "product_id": "T022811",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 12.0.6.0.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 12.0.6.0.0",
                  "product_id": "T027325",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:12.0.6.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 12.0.0.8.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 12.0.0.8.0",
                  "product_id": "T028669",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:12.0.0.8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 3.0.3.2",
                "product": {
                  "name": "Oracle Communications Applications 3.0.3.2",
                  "product_id": "T028670",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:3.0.3.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 10.0.1.7.0",
                "product": {
                  "name": "Oracle Communications Applications 10.0.1.7.0",
                  "product_id": "T028674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:10.0.1.7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4.0.7.0",
                "product": {
                  "name": "Oracle Communications Applications 7.4.0.7.0",
                  "product_id": "T028676",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.0.7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4.1.5.0",
                "product": {
                  "name": "Oracle Communications Applications 7.4.1.5.0",
                  "product_id": "T028677",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.1.5.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 7.4.2.8.0",
                "product": {
                  "name": "Oracle Communications Applications 7.4.2.8.0",
                  "product_id": "T028678",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.2.8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 6.3.1.0.0",
                "product": {
                  "name": "Oracle Communications Applications 6.3.1.0.0",
                  "product_id": "T030578",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.3.1.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 12.0.0.8",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 12.0.0.8",
                  "product_id": "T030579",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:12.0.0.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 6.0.3",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 6.0.3",
                  "product_id": "T030581",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.0.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 12.0.0.7",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 12.0.0.7",
                  "product_id": "T032083",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:12.0.0.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 15.0.0.0.0",
                "product": {
                  "name": "Oracle Communications Applications 15.0.0.0.0",
                  "product_id": "T032084",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:15.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 3.0.3.3",
                "product": {
                  "name": "Oracle Communications Applications 3.0.3.3",
                  "product_id": "T032085",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:3.0.3.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications 8.1.0.24.0",
                "product": {
                  "name": "Oracle Communications Applications 8.1.0.24.0",
                  "product_id": "T032086",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.1.0.24.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Oracle Communications Applications \u003c= 5.5.19",
                "product": {
                  "name": "Oracle Communications Applications \u003c= 5.5.19",
                  "product_id": "T032087",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:5.5.19"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-5072",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2023-45648",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-45648"
    },
    {
      "cve": "CVE-2023-44981",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-44981"
    },
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-44483",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-44483"
    },
    {
      "cve": "CVE-2023-42794",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-42794"
    },
    {
      "cve": "CVE-2023-42503",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-42503"
    },
    {
      "cve": "CVE-2023-37536",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-37536"
    },
    {
      "cve": "CVE-2023-34981",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-34981"
    },
    {
      "cve": "CVE-2023-34034",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-34034"
    },
    {
      "cve": "CVE-2023-33201",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-31122",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-31122"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-28823",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-28823"
    },
    {
      "cve": "CVE-2023-25194",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-25194"
    },
    {
      "cve": "CVE-2023-20883",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-20883"
    },
    {
      "cve": "CVE-2022-45868",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2022-45868"
    },
    {
      "cve": "CVE-2022-42920",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2022-42920"
    },
    {
      "cve": "CVE-2022-36944",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2022-36944"
    },
    {
      "cve": "CVE-2022-31160",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2022-31160"
    },
    {
      "cve": "CVE-2022-31147",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2022-31147"
    },
    {
      "cve": "CVE-2022-1471",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2021-4104",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2021-4104"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028670",
          "T030578",
          "T032085",
          "T032086",
          "T021639",
          "T032084",
          "T022811",
          "T018940",
          "T021634",
          "T028677",
          "T018938",
          "T028678",
          "T018939",
          "T028676",
          "T028674"
        ],
        "last_affected": [
          "T030579",
          "T028669",
          "T032083",
          "T027325",
          "T030581",
          "T032087"
        ]
      },
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2021-37533"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-25194 (GCVE-0-2023-25194)

WID-SEC-W-2023-2700

WID-SEC-W-2024-0107

Tags

Sightings

Nomenclature