Vulnerability-Lookup

CVE-2023-44271 (GCVE-0-2023-44271)

Vulnerability from cvelistv5 – Published: 2023-11-03 00:00 – Updated: 2024-08-02 19:59

Summary

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

5 references

URL	Tags
https://github.com/python-pillow/Pillow/pull/7244
https://github.com/python-pillow/Pillow/commit/1f…
https://devhub.checkmarx.com/cve-details/CVE-2023…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2024…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:59:51.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/python-pillow/Pillow/pull/7244"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271/"
          },
          {
            "name": "FEDORA-2023-1a120657f9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/"
          },
          {
            "name": "[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-22T11:05:57.360Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/python-pillow/Pillow/pull/7244"
        },
        {
          "url": "https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7"
        },
        {
          "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271/"
        },
        {
          "name": "FEDORA-2023-1a120657f9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/"
        },
        {
          "name": "[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-44271",
    "datePublished": "2023-11-03T00:00:00.000Z",
    "dateReserved": "2023-09-28T00:00:00.000Z",
    "dateUpdated": "2024-08-02T19:59:51.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-44271",
      "date": "2026-06-04",
      "epss": "0.00236",
      "percentile": "0.46722"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.0\", \"matchCriteriaId\": \"70ADC73C-9DBB-4903-B4E9-6C2354F2F07A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en Pillow antes de la versi\\u00f3n 10.0.0. Es una Denegaci\\u00f3n de Servicio que asigna memoria de forma incontrolable para procesar una tarea determinada, lo que puede provocar que un servicio falle al quedarse sin memoria. Esto ocurre para truetype en ImageFont cuando la longitud del texto en una instancia de ImageDraw opera con un argumento de texto largo.\"}]",
      "id": "CVE-2023-44271",
      "lastModified": "2024-11-21T08:25:33.610",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-11-03T05:15:30.137",
      "references": "[{\"url\": \"https://devhub.checkmarx.com/cve-details/CVE-2023-44271/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/pull/7244\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://devhub.checkmarx.com/cve-details/CVE-2023-44271/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/pull/7244\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-44271\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-11-03T05:15:30.137\",\"lastModified\":\"2024-11-21T08:25:33.610\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Pillow antes de la versi\u00f3n 10.0.0. Es una Denegaci\u00f3n de Servicio que asigna memoria de forma incontrolable para procesar una tarea determinada, lo que puede provocar que un servicio falle al quedarse sin memoria. Esto ocurre para truetype en ImageFont cuando la longitud del texto en una instancia de ImageDraw opera con un argumento de texto largo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.0\",\"matchCriteriaId\":\"70ADC73C-9DBB-4903-B4E9-6C2354F2F07A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}],\"references\":[{\"url\":\"https://devhub.checkmarx.com/cve-details/CVE-2023-44271/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python-pillow/Pillow/pull/7244\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://devhub.checkmarx.com/cve-details/CVE-2023-44271/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python-pillow/Pillow/pull/7244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2024-0522

Vulnerability from csaf_certbund - Published: 2024-02-29 23:00 - Updated: 2024-12-11 23:00

Summary

Red Hat Ansible Automation Platform: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuführen oder Cross-Site Scripting (XSS)-Angriffe auszuführen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.

Betroffene Betriebssysteme: - Linux

CVE-2022-40896

Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuführen oder Cross-Site-Scripting (XSS)-Angriffe auszuführen. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen.

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-44271

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-47627

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-49081

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-49082

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-52323

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-1657

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-22195

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-24680

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Red Hat Ansible Automation Platform 2.4 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.4`	2.4
Red Hat Ansible Automation Platform <2.4 Red Hat / Ansible Automation Platform		<2.4
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

15 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2024:1057	external
https://access.redhat.com/errata/RHSA-2024:1072	external
https://access.redhat.com/errata/RHSA-2024:1155	external
https://access.redhat.com/errata/RHSA-2024:1536	external
https://access.redhat.com/errata/RHSA-2024:1640	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://access.redhat.com/errata/RHSA-2024:1878	external
https://access.redhat.com/errata/RHSA-2024:2348	external
https://access.redhat.com/errata/RHSA-2024:3927	external
https://alas.aws.amazon.com/AL2023/ALAS-2024-645.html	external
https://alas.aws.amazon.com/AL2023/ALAS-2024-644.html	external
https://security.gentoo.org/glsa/202408-11	external
https://security-tracker.debian.org/tracker/DSA-5828-1	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0522 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0522.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0522 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0522"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1057 vom 2024-02-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:1057"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1072 vom 2024-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:1072"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1155 vom 2024-03-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:1155"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1536 vom 2024-03-27",
        "url": "https://access.redhat.com/errata/RHSA-2024:1536"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1640 vom 2024-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:1640"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-5FC8709AA5 vom 2024-04-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5fc8709aa5"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:1878"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2348 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2348"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3927 vom 2024-06-14",
        "url": "https://access.redhat.com/errata/RHSA-2024:3927"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-645 vom 2024-07-02",
        "url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-645.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-644 vom 2024-07-02",
        "url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-644.html"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202408-11 vom 2024-08-07",
        "url": "https://security.gentoo.org/glsa/202408-11"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5828 vom 2024-12-12",
        "url": "https://security-tracker.debian.org/tracker/DSA-5828-1"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-12T09:07:37.262+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-0522",
      "initial_release_date": "2024-02-29T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-29T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-03-05T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-03-27T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-02T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-11T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-13T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-08-07T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-12-11T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "12"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.4",
                "product": {
                  "name": "Red Hat Ansible Automation Platform 2.4",
                  "product_id": "1496312",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.4",
                "product": {
                  "name": "Red Hat Ansible Automation Platform \u003c2.4",
                  "product_id": "T033201"
                }
              },
              {
                "category": "product_version",
                "name": "2.4",
                "product": {
                  "name": "Red Hat Ansible Automation Platform 2.4",
                  "product_id": "T033201-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ansible Automation Platform"
          },
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-40896",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-40896"
    },
    {
      "cve": "CVE-2023-44271",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-44271"
    },
    {
      "cve": "CVE-2023-47627",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-47627"
    },
    {
      "cve": "CVE-2023-49081",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-49081"
    },
    {
      "cve": "CVE-2023-49082",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-49082"
    },
    {
      "cve": "CVE-2023-52323",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-52323"
    },
    {
      "cve": "CVE-2024-1657",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2024-1657"
    },
    {
      "cve": "CVE-2024-22195",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2024-22195"
    },
    {
      "cve": "CVE-2024-24680",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Red Hat Ansible Automation Platform. Diese Fehler bestehen in mehreren pythonbezogenen Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Interaktion des Benutzers, um sie erfolgreich auszunutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T012167",
          "1496312",
          "T033201",
          "74185"
        ]
      },
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2024-24680"
    }
  ]
}

WID-SEC-W-2024-0873

Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2024-04-16 22:00

Summary

Oracle Financial Services Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2022-31160

In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2022-46337

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-2618

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-33201

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-42503

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-44271

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-44483

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-44487

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-44981

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-46589

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-46604

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-5072

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-23635

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-26308

Affected products

Known affected 20 products

Product	Identifier	Version
Oracle Financial Services Applications 19.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.1.0.0.0`	19.1.0.0.0
Oracle Financial Services Applications 19.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:19.2.0.0.0`	19.2.0.0.0
Oracle Financial Services Applications 12.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:12.1.0.0.0`	12.1.0.0.0
Oracle Financial Services Applications 3.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.0.0.0.0`	3.0.0.0.0
Oracle Financial Services Applications 2.8.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.8.0.0.0`	2.8.0.0.0
Oracle Financial Services Applications 2.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.7.0.0.0`	2.7.0.0.0
Oracle Financial Services Applications 2.12.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.12.0.0.0`	2.12.0.0.0
Oracle Financial Services Applications 14.7.0.3.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.3.0`	14.7.0.3.0
Oracle Financial Services Applications 5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.0.0.0`	5.0.0.0
Oracle Financial Services Applications 4.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:4.0.0.0`	4.0.0.0
Oracle Financial Services Applications 3.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.1.0.0.0`	3.1.0.0.0
Oracle Financial Services Applications 14.6.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.6.0.0.0`	14.6.0.0.0
Oracle Financial Services Applications 2.9.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0`	2.9.0.0.0
Oracle Financial Services Applications 14.5.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.5.0.0.0`	14.5.0.0.0
Oracle Financial Services Applications 2.9.0.1.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.1.0`	2.9.0.1.0
Oracle Financial Services Applications 3.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:3.2.0.0.0`	3.2.0.0.0
Oracle Financial Services Applications 14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2024…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Financial Services ist eine Zusammenstellung  von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0873 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0873.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0873 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0873"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Financial Services Applications vom 2024-04-16",
        "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixIFLX"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:07:41.626+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0873",
      "initial_release_date": "2024-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.9.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 2.9.0.0.0",
                  "product_id": "T023930",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.9.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.9.0.1.0",
                "product": {
                  "name": "Oracle Financial Services Applications 2.9.0.1.0",
                  "product_id": "T023931",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.9.0.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.2.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 3.2.0.0.0",
                  "product_id": "T023932",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:3.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 19.1.0.0.0",
                  "product_id": "T028693",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:19.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "19.2.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 19.2.0.0.0",
                  "product_id": "T028694",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:19.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 21.1.0.0.0",
                  "product_id": "T028695",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:21.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 22.1.0.0.0",
                  "product_id": "T028696",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:22.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.2.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 22.2.0.0.0",
                  "product_id": "T028697",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:22.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.7.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.7.0.0.0",
                  "product_id": "T028702",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.7.0.3.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.7.0.3.0",
                  "product_id": "T032111",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 12.1.0.0.0",
                  "product_id": "T034159",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:12.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.5.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.5.0.0.0",
                  "product_id": "T034160",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.5.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.6.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.6.0.0.0",
                  "product_id": "T034161",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.6.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.12.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 2.12.0.0.0",
                  "product_id": "T034162",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.12.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.7.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 2.7.0.0.0",
                  "product_id": "T034163",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.7.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.8.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 2.8.0.0.0",
                  "product_id": "T034164",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.8.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.0.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 3.0.0.0.0",
                  "product_id": "T034165",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:3.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 3.1.0.0.0",
                  "product_id": "T034166",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:3.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 4.0.0.0",
                  "product_id": "T034167",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:4.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 5.0.0.0",
                  "product_id": "T034168",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:5.0.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Financial Services Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31160",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-31160"
    },
    {
      "cve": "CVE-2022-46337",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2022-46337"
    },
    {
      "cve": "CVE-2023-2618",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-2618"
    },
    {
      "cve": "CVE-2023-33201",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-42503",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-42503"
    },
    {
      "cve": "CVE-2023-44271",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-44271"
    },
    {
      "cve": "CVE-2023-44483",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-44483"
    },
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-44981",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-44981"
    },
    {
      "cve": "CVE-2023-46589",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-46589"
    },
    {
      "cve": "CVE-2023-46604",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-46604"
    },
    {
      "cve": "CVE-2023-5072",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2024-23635",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-23635"
    },
    {
      "cve": "CVE-2024-26308",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028693",
          "T028694",
          "T034159",
          "T034165",
          "T034164",
          "T034163",
          "T034162",
          "T032111",
          "T034168",
          "T034167",
          "T034166",
          "T034161",
          "T023930",
          "T034160",
          "T023931",
          "T023932",
          "T028702",
          "T028697",
          "T028695",
          "T028696"
        ]
      },
      "release_date": "2024-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-26308"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-44271 (GCVE-0-2023-44271)

WID-SEC-W-2024-0522

WID-SEC-W-2024-0873

Tags

Sightings

Nomenclature