Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-13009 (GCVE-0-2024-13009)
Vulnerability from cvelistv5 – Published: 2025-05-08 17:29 – Updated: 2025-05-08 18:56 Unsupported When Assigned
VLAI
EPSS
Title
Eclipse Jetty GZIP buffer release
Summary
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request
body. This can result in corrupted and/or inadvertent sharing of data between requests.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Jetty |
Affected:
9.4.0 , ≤ 9.4.56
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:55:32.278977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:56:39.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jetty",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "9.4.56",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests."
}
],
"value": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T17:29:31.380Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
},
{
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Eclipse Jetty GZIP buffer release",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-13009",
"datePublished": "2025-05-08T17:29:31.380Z",
"dateReserved": "2024-12-28T09:11:12.587Z",
"dateUpdated": "2025-05-08T18:56:39.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-13009",
"date": "2026-06-28",
"epss": "0.00432",
"percentile": "0.3455"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-13009\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2025-05-08T18:15:41.640\",\"lastModified\":\"2026-06-17T07:00:58.163\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[{\"sourceIdentifier\":\"emo@eclipse.org\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\"},{\"lang\":\"es\",\"value\":\"En las versiones 9.4.0 a 9.4.56 de Eclipse Jetty, un b\u00fafer puede liberarse incorrectamente al detectar un error de gzip al inflar el cuerpo de una solicitud. Esto puede provocar que se compartan datos corruptos o inadvertidos entre solicitudes.\"}],\"affected\":[{\"source\":\"emo@eclipse.org\",\"affectedData\":[{\"vendor\":\"Eclipse Foundation\",\"product\":\"Jetty\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"9.4.0\",\"lessThanOrEqual\":\"9.4.56\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.7}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-05-08T18:55:32.278977Z\",\"id\":\"CVE-2024-13009\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.57\",\"matchCriteriaId\":\"5E84B2A3-9032-487F-96D2-6E7F94D761B1\"}]}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/48\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-13009\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T18:55:32.278977Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T18:55:42.205Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\"], \"title\": \"Eclipse Jetty GZIP buffer release\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Eclipse Foundation\", \"product\": \"Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.4.56\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/cve-assignement/-/issues/48\"}, {\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"CWE-404 Improper Resource Shutdown or Release\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2025-05-08T17:29:31.380Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-13009\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T18:56:39.446Z\", \"dateReserved\": \"2024-12-28T09:11:12.587Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2025-05-08T17:29:31.380Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cleanstart-2026-sq91016
Vulnerability from cleanstart
Published
2026-05-18 13:11
Modified
2026-05-14 06:09
Summary
Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq applied in versions: 4.0.0-r0, 4.0.0-r1
Details
Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-hive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-SQ91016",
"modified": "2026-05-14T06:09:00Z",
"published": "2026-05-18T13:11:46.835215Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SQ91016.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22570"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-2047"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-36364"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-20861"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26049"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36479"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-40167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41900"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-42503"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44981"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23454"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23944"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29133"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38808"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47561"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22233"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-27821"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-41249"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49128"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-58qw-p7qm-5rvh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2047"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36364"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41900"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42503"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23944"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38808"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22233"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49128"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq applied in versions: 4.0.0-r0, 4.0.0-r1",
"upstream": [
"CVE-2018-10237",
"CVE-2020-8908",
"CVE-2021-22569",
"CVE-2021-22570",
"CVE-2022-2047",
"CVE-2022-3171",
"CVE-2022-3509",
"CVE-2022-3510",
"CVE-2022-36364",
"CVE-2022-41881",
"CVE-2023-20861",
"CVE-2023-20863",
"CVE-2023-26048",
"CVE-2023-26049",
"CVE-2023-2976",
"CVE-2023-34462",
"CVE-2023-36479",
"CVE-2023-40167",
"CVE-2023-41900",
"CVE-2023-42503",
"CVE-2023-44981",
"CVE-2024-13009",
"CVE-2024-23454",
"CVE-2024-23944",
"CVE-2024-25710",
"CVE-2024-26308",
"CVE-2024-29131",
"CVE-2024-29133",
"CVE-2024-38808",
"CVE-2024-38820",
"CVE-2024-38827",
"CVE-2024-47554",
"CVE-2024-47561",
"CVE-2024-52046",
"CVE-2024-6763",
"CVE-2024-7254",
"CVE-2024-8184",
"CVE-2025-11143",
"CVE-2025-22233",
"CVE-2025-24970",
"CVE-2025-25193",
"CVE-2025-27821",
"CVE-2025-41249",
"CVE-2025-48734",
"CVE-2025-48924",
"CVE-2025-49128",
"CVE-2025-52999",
"CVE-2025-53864",
"CVE-2025-55163",
"CVE-2025-58056",
"CVE-2025-58057",
"CVE-2025-59419",
"CVE-2025-67735",
"CVE-2025-68161",
"CVE-2025-8916",
"CVE-2026-24281",
"CVE-2026-24308",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-5588",
"ghsa-58qw-p7qm-5rvh",
"ghsa-72hv-8253-57qq"
]
}
cleanstart-2026-vh41554
Vulnerability from cleanstart
Published
2026-04-06 02:48
Modified
2026-04-03 09:17
Summary
Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-41973, CVE-2022-24823, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-41881, CVE-2023-1370, CVE-2023-2976, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462, CVE-2023-43642, CVE-2023-44487, CVE-2023-52428, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-21634, CVE-2024-25638, CVE-2024-27137, CVE-2024-29025, CVE-2024-35255, CVE-2024-40094, CVE-2024-47535, CVE-2024-47554, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2024-9823, CVE-2025-23015, CVE-2025-24860, CVE-2025-24970, CVE-2025-25193, CVE-2025-46392, CVE-2025-48734, CVE-2025-48924, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2026-1225, CVE-2026-33870, CVE-2026-33871, ghsa-25qh-j22f-pwp8, ghsa-264p-99wq-f4j6, ghsa-269q-hmxg-m83q, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-493p-pfq6-5258, ghsa-4g8c-wm8x-jfhw, ghsa-4gg5-vx3j-xwc7, ghsa-55g7-9cwv-5qfv, ghsa-5jpm-x58v-624v, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-735f-pc8j-v9w8, ghsa-76h9-2vwh-w278, ghsa-78wr-2p64-hpwj, ghsa-7g45-4rm6-3mm3, ghsa-84h7-rjj3-6jx4, ghsa-cfxw-4h78-h7fw, ghsa-fghv-69vj-qj49, ghsa-fjpj-2g6w-x25r, ghsa-fx2c-96vj-985v, ghsa-g5ww-5jh7-63cx, ghsa-g8m5-722r-8whq, ghsa-gvpg-vgmx-xg6w, ghsa-h4h5-3hr4-j3g2, ghsa-h9mq-f6q5-6c8m, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jq43-27x9-3v86, ghsa-mvr2-9pj6-7w5j, ghsa-pqr6-cmr2-h8hf, ghsa-pr98-23f8-jwxv, ghsa-prj3-ccx8-p6x4, ghsa-q4rv-gq96-w7c5, ghsa-qcwq-55hx-v3vh, ghsa-qqpg-mvqg-649v, ghsa-wxr5-93ph-8wr9, ghsa-xpw8-rcwv-8f8p, ghsa-xq3w-v528-46rv, ghsa-xwmg-2g98-w7v9 applied in versions: 1.0.90-r4, 1.0.91-r0, 1.0.91-r1
Details
Multiple security vulnerabilities affect the stargate package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "stargate"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.91-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the stargate package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-VH41554",
"modified": "2026-04-03T09:17:16Z",
"published": "2026-04-06T02:48:54.465143Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VH41554.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41973"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-1370"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34453"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34454"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34455"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-43642"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-52428"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-21634"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-25638"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27137"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29025"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-40094"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47535"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-23015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-24860"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46392"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-264p-99wq-f4j6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-269q-hmxg-m83q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-389x-839f-4rhx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-493p-pfq6-5258"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4gg5-vx3j-xwc7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-55g7-9cwv-5qfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5jpm-x58v-624v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6mjq-h674-j845"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-735f-pc8j-v9w8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-76h9-2vwh-w278"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-78wr-2p64-hpwj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cfxw-4h78-h7fw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fjpj-2g6w-x25r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fx2c-96vj-985v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g5ww-5jh7-63cx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gvpg-vgmx-xg6w"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h4h5-3hr4-j3g2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h9mq-f6q5-6c8m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jq43-27x9-3v86"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mvr2-9pj6-7w5j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pqr6-cmr2-h8hf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-prj3-ccx8-p6x4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qcwq-55hx-v3vh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xpw8-rcwv-8f8p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xwmg-2g98-w7v9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41973"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34453"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34454"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34455"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52428"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21634"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25638"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27137"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40094"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24860"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46392"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-41973, CVE-2022-24823, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-41881, CVE-2023-1370, CVE-2023-2976, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462, CVE-2023-43642, CVE-2023-44487, CVE-2023-52428, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-21634, CVE-2024-25638, CVE-2024-27137, CVE-2024-29025, CVE-2024-35255, CVE-2024-40094, CVE-2024-47535, CVE-2024-47554, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2024-9823, CVE-2025-23015, CVE-2025-24860, CVE-2025-24970, CVE-2025-25193, CVE-2025-46392, CVE-2025-48734, CVE-2025-48924, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2026-1225, CVE-2026-33870, CVE-2026-33871, ghsa-25qh-j22f-pwp8, ghsa-264p-99wq-f4j6, ghsa-269q-hmxg-m83q, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-493p-pfq6-5258, ghsa-4g8c-wm8x-jfhw, ghsa-4gg5-vx3j-xwc7, ghsa-55g7-9cwv-5qfv, ghsa-5jpm-x58v-624v, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-735f-pc8j-v9w8, ghsa-76h9-2vwh-w278, ghsa-78wr-2p64-hpwj, ghsa-7g45-4rm6-3mm3, ghsa-84h7-rjj3-6jx4, ghsa-cfxw-4h78-h7fw, ghsa-fghv-69vj-qj49, ghsa-fjpj-2g6w-x25r, ghsa-fx2c-96vj-985v, ghsa-g5ww-5jh7-63cx, ghsa-g8m5-722r-8whq, ghsa-gvpg-vgmx-xg6w, ghsa-h4h5-3hr4-j3g2, ghsa-h9mq-f6q5-6c8m, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jq43-27x9-3v86, ghsa-mvr2-9pj6-7w5j, ghsa-pqr6-cmr2-h8hf, ghsa-pr98-23f8-jwxv, ghsa-prj3-ccx8-p6x4, ghsa-q4rv-gq96-w7c5, ghsa-qcwq-55hx-v3vh, ghsa-qqpg-mvqg-649v, ghsa-wxr5-93ph-8wr9, ghsa-xpw8-rcwv-8f8p, ghsa-xq3w-v528-46rv, ghsa-xwmg-2g98-w7v9 applied in versions: 1.0.90-r4, 1.0.91-r0, 1.0.91-r1",
"upstream": [
"CVE-2018-10237",
"CVE-2020-8908",
"CVE-2021-41973",
"CVE-2022-24823",
"CVE-2022-3171",
"CVE-2022-3509",
"CVE-2022-3510",
"CVE-2022-41881",
"CVE-2023-1370",
"CVE-2023-2976",
"CVE-2023-34453",
"CVE-2023-34454",
"CVE-2023-34455",
"CVE-2023-34462",
"CVE-2023-43642",
"CVE-2023-44487",
"CVE-2023-52428",
"CVE-2024-12798",
"CVE-2024-12801",
"CVE-2024-13009",
"CVE-2024-21634",
"CVE-2024-25638",
"CVE-2024-27137",
"CVE-2024-29025",
"CVE-2024-35255",
"CVE-2024-40094",
"CVE-2024-47535",
"CVE-2024-47554",
"CVE-2024-52046",
"CVE-2024-6763",
"CVE-2024-7254",
"CVE-2024-8184",
"CVE-2024-9823",
"CVE-2025-23015",
"CVE-2025-24860",
"CVE-2025-24970",
"CVE-2025-25193",
"CVE-2025-46392",
"CVE-2025-48734",
"CVE-2025-48924",
"CVE-2025-53864",
"CVE-2025-55163",
"CVE-2025-58056",
"CVE-2025-58057",
"CVE-2025-59419",
"CVE-2025-67735",
"CVE-2026-1225",
"CVE-2026-33870",
"CVE-2026-33871",
"ghsa-25qh-j22f-pwp8",
"ghsa-264p-99wq-f4j6",
"ghsa-269q-hmxg-m83q",
"ghsa-389x-839f-4rhx",
"ghsa-3p8m-j85q-pgmj",
"ghsa-493p-pfq6-5258",
"ghsa-4g8c-wm8x-jfhw",
"ghsa-4gg5-vx3j-xwc7",
"ghsa-55g7-9cwv-5qfv",
"ghsa-5jpm-x58v-624v",
"ghsa-5mg8-w23w-74h3",
"ghsa-6mjq-h674-j845",
"ghsa-6v67-2wr5-gvf4",
"ghsa-735f-pc8j-v9w8",
"ghsa-76h9-2vwh-w278",
"ghsa-78wr-2p64-hpwj",
"ghsa-7g45-4rm6-3mm3",
"ghsa-84h7-rjj3-6jx4",
"ghsa-cfxw-4h78-h7fw",
"ghsa-fghv-69vj-qj49",
"ghsa-fjpj-2g6w-x25r",
"ghsa-fx2c-96vj-985v",
"ghsa-g5ww-5jh7-63cx",
"ghsa-g8m5-722r-8whq",
"ghsa-gvpg-vgmx-xg6w",
"ghsa-h4h5-3hr4-j3g2",
"ghsa-h9mq-f6q5-6c8m",
"ghsa-j26w-f9rq-mr2q",
"ghsa-j288-q9x7-2f5v",
"ghsa-jq43-27x9-3v86",
"ghsa-mvr2-9pj6-7w5j",
"ghsa-pqr6-cmr2-h8hf",
"ghsa-pr98-23f8-jwxv",
"ghsa-prj3-ccx8-p6x4",
"ghsa-q4rv-gq96-w7c5",
"ghsa-qcwq-55hx-v3vh",
"ghsa-qqpg-mvqg-649v",
"ghsa-wxr5-93ph-8wr9",
"ghsa-xpw8-rcwv-8f8p",
"ghsa-xq3w-v528-46rv",
"ghsa-xwmg-2g98-w7v9"
]
}
cleanstart-2026-wk99982
Vulnerability from cleanstart
Published
2026-05-18 13:11
Modified
2026-05-14 06:06
Summary
Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-40490, CVE-2026-41417, CVE-2026-42578, CVE-2026-42579, CVE-2026-42583, CVE-2026-42586, CVE-2026-44248, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq, ghsa-mj4r-2hfc-f8p6 applied in versions: 4.0.1-r0, 4.0.1-r1, 4.0.1-r2
Details
Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-hive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.1-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WK99982",
"modified": "2026-05-14T06:06:15Z",
"published": "2026-05-18T13:11:47.355078Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WK99982.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22570"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-2047"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-36364"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-20861"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-26049"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36479"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-40167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41900"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-42503"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44981"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23454"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-23944"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-29133"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38808"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47561"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22233"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-27821"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-41249"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49128"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24308"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40490"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42586"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44248"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-58qw-p7qm-5rvh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2047"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36364"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41900"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42503"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23944"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38808"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38827"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52046"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22233"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49128"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40490"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42586"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44248"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-40490, CVE-2026-41417, CVE-2026-42578, CVE-2026-42579, CVE-2026-42583, CVE-2026-42586, CVE-2026-44248, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq, ghsa-mj4r-2hfc-f8p6 applied in versions: 4.0.1-r0, 4.0.1-r1, 4.0.1-r2",
"upstream": [
"CVE-2018-10237",
"CVE-2020-8908",
"CVE-2021-22569",
"CVE-2021-22570",
"CVE-2022-2047",
"CVE-2022-3171",
"CVE-2022-3509",
"CVE-2022-3510",
"CVE-2022-36364",
"CVE-2022-41881",
"CVE-2023-20861",
"CVE-2023-20863",
"CVE-2023-26048",
"CVE-2023-26049",
"CVE-2023-2976",
"CVE-2023-34462",
"CVE-2023-36479",
"CVE-2023-40167",
"CVE-2023-41900",
"CVE-2023-42503",
"CVE-2023-44981",
"CVE-2024-13009",
"CVE-2024-23454",
"CVE-2024-23944",
"CVE-2024-25710",
"CVE-2024-26308",
"CVE-2024-29131",
"CVE-2024-29133",
"CVE-2024-38808",
"CVE-2024-38820",
"CVE-2024-38827",
"CVE-2024-47554",
"CVE-2024-47561",
"CVE-2024-52046",
"CVE-2024-6763",
"CVE-2024-7254",
"CVE-2024-8184",
"CVE-2025-11143",
"CVE-2025-22233",
"CVE-2025-24970",
"CVE-2025-25193",
"CVE-2025-27821",
"CVE-2025-41249",
"CVE-2025-48734",
"CVE-2025-48924",
"CVE-2025-49128",
"CVE-2025-52999",
"CVE-2025-53864",
"CVE-2025-55163",
"CVE-2025-58056",
"CVE-2025-58057",
"CVE-2025-59419",
"CVE-2025-67735",
"CVE-2025-68161",
"CVE-2025-8916",
"CVE-2026-24281",
"CVE-2026-24308",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-40490",
"CVE-2026-41417",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42583",
"CVE-2026-42586",
"CVE-2026-44248",
"CVE-2026-5588",
"ghsa-58qw-p7qm-5rvh",
"ghsa-72hv-8253-57qq",
"ghsa-mj4r-2hfc-f8p6"
]
}
FKIE_CVE-2024-13009
Vulnerability from fkie_nvd - Published: 2025-05-08 18:15 - Updated: 2026-06-17 07:00
Severity
Summary
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request
body. This can result in corrupted and/or inadvertent sharing of data between requests.
References
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Jetty",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "9.4.56",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
}
]
}
],
"source": "emo@eclipse.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E84B2A3-9032-487F-96D2-6E7F94D761B1",
"versionEndExcluding": "9.4.57",
"versionStartIncluding": "9.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "emo@eclipse.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests."
},
{
"lang": "es",
"value": "En las versiones 9.4.0 a 9.4.56 de Eclipse Jetty, un b\u00fafer puede liberarse incorrectamente al detectar un error de gzip al inflar el cuerpo de una solicitud. Esto puede provocar que se compartan datos corruptos o inadvertidos entre solicitudes."
}
],
"id": "CVE-2024-13009",
"lastModified": "2026-06-17T07:00:58.163",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "emo@eclipse.org",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2024-13009",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:55:32.278977Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-05-08T18:15:41.640",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
}
GHSA-Q4RV-GQ96-W7C5
Vulnerability from github – Published: 2025-05-08 19:28 – Updated: 2025-05-08 19:28
VLAI
Summary
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request
Details
In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
Severity
7.2 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.4.56"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-server"
},
"ranges": [
{
"events": [
{
"introduced": "9.4.0"
},
{
"fixed": "9.4.57.v20241219"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-13009"
],
"database_specific": {
"cwe_ids": [
"CWE-404"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-08T19:28:34Z",
"nvd_published_at": "2025-05-08T18:15:41Z",
"severity": "HIGH"
},
"details": "In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.",
"id": "GHSA-q4rv-gq96-w7c5",
"modified": "2025-05-08T19:28:34Z",
"published": "2025-05-08T19:28:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "PACKAGE",
"url": "https://github.com/jetty/jetty.project"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/48"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request"
}
NCSC-2025-0275
Vulnerability from csaf_ncscnl - Published: 2025-09-09 11:12 - Updated: 2025-09-09 11:12Summary
Kwetsbaarheden verholpen in SAP producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder in SAP NetWeaver, SAP NetWeaver Application Server Java en SAP Landscape Transformation.
Interpretaties: De kwetsbaarheden bevinden zich onder andere in de RMI-P4 module en de SAP NetWeaver AS Java platform.
De kwetsbaarheid met kenmerk CVE-2025-42944 betreft een deserialisatieprobleem dat kan worden misbruikt door niet-geauthenticeerde aanvallers, wat kan leiden tot willekeurige OS-commando-executie. Dit bedreigt de vertrouwelijkheid, integriteit en beschikbaarheid van de applicatie.
De kwetsbaarheid met kenmerk CVE-2025-42922 stelt geauthenticeerde niet-administratieve gebruikers in staat om willekeurige bestanden te uploaden via de Deploy Web Service-functie. Dit kan ook leiden tot compromittering van systeemvertrouwelijkheid, integriteit en beschikbaarheid.
Oplossingen: SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-250: Execution with Unnecessary Privileges
CWE-287: Improper Authentication
CWE-306: Missing Authentication for Critical Function
CWE-341: Predictable from Observable State
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-404: Improper Resource Shutdown or Release
CWE-502: Deserialization of Untrusted Data
CWE-521: Weak Password Requirements
CWE-522: Insufficiently Protected Credentials
CWE-606: Unchecked Input for Loop Condition
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-862: Missing Authorization
CWE-863: Incorrect Authorization
CWE-1022: Use of Web Link to Untrusted Target with window.opener Access
CWE-1287: Improper Validation of Specified Type of Input
CWE-1395: Dependency on Vulnerable Third-Party Component
7.5 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
9.6 (Critical)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
7.4 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
7.7 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
5.0 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.5 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-862
- Missing Authorization
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-862
- Missing Authorization
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-862
- Missing Authorization
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
8.1 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.5 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
4.3 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.1 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
9.9 (Critical)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
4.3 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
4.3 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
5.3 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-1395
- Dependency on Vulnerable Third-Party Component
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
8.1 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.5 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
8.8 (High)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
6.1 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
CWE-1022
- Use of Web Link to Untrusted Target with window.opener Access
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
10.0 (Critical)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
9.1 (Critical)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
4.9 (Medium)
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / Business Planning and Consolidation
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver ABAP Platform
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver AS Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Netweaver
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Business One (SLD)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori (Launchpad)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Fiori App (F4044 Manage Work Center Groups)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (Approve Timesheets Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP HCM (My Timesheet Fiori 2.0 application)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Landscape Transformation Replication Server
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver (Service Data Download)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Adobe Document Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (Deploy Web Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver AS Java (IIOP Service)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server for ABAP (Background Processing)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver and ABAP Platform (Service Data Collection)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Netweaver (RMI-P4)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP S/4HANA (Private Cloud or On-Premise)
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Supplier Relationship Management
|
vers:unknown/* |
References
28 references
| URL | Category |
|---|---|
| https://support.sap.com/en/my-support/knowledge-b… | external |
| https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft kwetsbaarheden verholpen in verschillende producten, waaronder in SAP NetWeaver, SAP NetWeaver Application Server Java en SAP Landscape Transformation.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich onder andere in de RMI-P4 module en de SAP NetWeaver AS Java platform.\n\nDe kwetsbaarheid met kenmerk CVE-2025-42944 betreft een deserialisatieprobleem dat kan worden misbruikt door niet-geauthenticeerde aanvallers, wat kan leiden tot willekeurige OS-commando-executie. Dit bedreigt de vertrouwelijkheid, integriteit en beschikbaarheid van de applicatie.\n\nDe kwetsbaarheid met kenmerk CVE-2025-42922 stelt geauthenticeerde niet-administratieve gebruikers in staat om willekeurige bestanden te uploaden via de Deploy Web Service-functie. Dit kan ook leiden tot compromittering van systeemvertrouwelijkheid, integriteit en beschikbaarheid.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Predictable from Observable State",
"title": "CWE-341"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "general",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
},
{
"category": "general",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Use of Web Link to Untrusted Target with window.opener Access",
"title": "CWE-1022"
},
{
"category": "general",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html"
}
],
"title": "Kwetsbaarheden verholpen in SAP producten",
"tracking": {
"current_release_date": "2025-09-09T11:12:22.945466Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.2"
}
},
"id": "NCSC-2025-0275",
"initial_release_date": "2025-09-09T11:12:22.945466Z",
"revision_history": [
{
"date": "2025-09-09T11:12:22.945466Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Business Planning and Consolidation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "NetWeaver ABAP Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "NetWeaver AS Java"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Netweaver"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "SAP Business One (SLD)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "SAP Fiori (Launchpad)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "SAP Fiori App (F4044 Manage Work Center Groups)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "SAP HCM (Approve Timesheets Fiori 2.0 application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "SAP HCM (My Timesheet Fiori 2.0 application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "SAP Landscape Transformation Replication Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver (Service Data Download)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver AS Java (Adobe Document Service)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver AS Java (Deploy Web Service)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver AS Java (IIOP Service)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Application Server Java"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Application Server for ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Application Server for ABAP (Background Processing)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver and ABAP Platform (Service Data Collection)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "SAP Netweaver (RMI-P4)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "SAP S/4HANA (Private Cloud or On-Premise)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-21"
}
}
],
"category": "product_name",
"name": "Supplier Relationship Management"
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5072 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-5072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-27500",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-27500 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-27500.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2023-27500"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-521",
"name": "Weak Password Requirements"
},
"notes": [
{
"category": "other",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22228 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-22228.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-27428",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27428 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-27428"
},
{
"cve": "CVE-2025-42911",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42911 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42911.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42911"
},
{
"cve": "CVE-2025-42912",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42912 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42912.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42912"
},
{
"cve": "CVE-2025-42913",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42913 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42913.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42913"
},
{
"cve": "CVE-2025-42914",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42914 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42914.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42914"
},
{
"cve": "CVE-2025-42915",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42915 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42915.json"
}
],
"title": "CVE-2025-42915"
},
{
"cve": "CVE-2025-42916",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42916"
},
{
"cve": "CVE-2025-42917",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42917 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42917.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42917"
},
{
"cve": "CVE-2025-42918",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42918"
},
{
"cve": "CVE-2025-42920",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42920 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42920"
},
{
"cve": "CVE-2025-42922",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42922 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42922.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42922"
},
{
"cve": "CVE-2025-42923",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42923 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42923.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42923"
},
{
"cve": "CVE-2025-42925",
"cwe": {
"id": "CWE-341",
"name": "Predictable from Observable State"
},
"notes": [
{
"category": "other",
"text": "Predictable from Observable State",
"title": "CWE-341"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42925 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42925.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42925"
},
{
"cve": "CVE-2025-42926",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42926 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42926.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42926"
},
{
"cve": "CVE-2025-42927",
"cwe": {
"id": "CWE-1395",
"name": "Dependency on Vulnerable Third-Party Component"
},
"notes": [
{
"category": "other",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42927 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42927.json"
}
],
"title": "CVE-2025-42927"
},
{
"cve": "CVE-2025-42929",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42929.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42929"
},
{
"cve": "CVE-2025-42930",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42930 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42930.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42930"
},
{
"cve": "CVE-2025-42933",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "other",
"text": "Insufficiently Protected Credentials",
"title": "CWE-522"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42933 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42933.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42933"
},
{
"cve": "CVE-2025-42938",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42938 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42938.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42938"
},
{
"cve": "CVE-2025-42941",
"cwe": {
"id": "CWE-1022",
"name": "Use of Web Link to Untrusted Target with window.opener Access"
},
"notes": [
{
"category": "other",
"text": "Use of Web Link to Untrusted Target with window.opener Access",
"title": "CWE-1022"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42941.json"
}
],
"title": "CVE-2025-42941"
},
{
"cve": "CVE-2025-42944",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42944 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42944.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42944"
},
{
"cve": "CVE-2025-42958",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42958 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42958.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42958"
},
{
"cve": "CVE-2025-42961",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-42961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-42961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20",
"CSAFPID-21"
]
}
],
"title": "CVE-2025-42961"
}
]
}
NCSC-2025-0338
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:53 - Updated: 2025-10-23 13:53Summary
Kwetsbaarheden verholpen in Oracle JD Edwards EnterpriseOne Tools
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in JD Edwards EnterpriseOne Tools (Specifiek voor versies 9.2.0.0 tot 9.2.9.4).
Interpretaties: De kwetsbaarheden in JD Edwards EnterpriseOne Tools stellen ongeauthenticeerde aanvallers in staat om het systeem via HTTP te compromitteren, wat kan leiden tot ongeautoriseerde toegang en wijzigingen van gevoelige gegevens. Dit heeft invloed op zowel de vertrouwelijkheid als de integriteit van de gegevens. De kwetsbaarheid heeft een CVSS-score van 6.1, wat duidt op een gematigde ernst.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-125: Out-of-bounds Read
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-404: Improper Resource Shutdown or Release
CWE-488: Exposure of Data Element to Wrong Session
CWE-502: Deserialization of Untrusted Data
CWE-668: Exposure of Resource to Wrong Sphere
CWE-787: Out-of-bounds Write
CWE-840: CWE-840
Multiple vulnerabilities in libcurl and TensorFlow dependencies expose sensitive data and require updates to address security issues across various versions.
CWE-668 - Exposure of Resource to Wrong SphereAffected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Low-level GF(2^m) elliptic curve APIs in OpenSSL and other Oracle products present vulnerabilities, including out-of-bounds memory access and unauthorized data access, with varying severity across different applications.
4.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Recent vulnerabilities in Oracle JD Edwards, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access, data corruption, and manipulation risks.
7.2 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Multiple vulnerabilities across Apache MINA, Oracle Middleware, JD Edwards, NetApp products, and HPE Telco IP Mediation expose systems to remote code execution, unauthorized access, and potential data compromise, with CVSS scores reaching 9.8.
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.
6.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
A vulnerability in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0-9.2.9.4) allows unauthenticated attackers to exploit the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.
6.1 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
A vulnerability in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0-9.2.9.4) allows unauthenticated attackers to exploit the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.
6.1 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
References
9 references
| URL | Category |
|---|---|
| https://www.oracle.com/security-alerts/cpuoct2025.html | external |
| https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in JD Edwards EnterpriseOne Tools (Specifiek voor versies 9.2.0.0 tot 9.2.9.4).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in JD Edwards EnterpriseOne Tools stellen ongeauthenticeerde aanvallers in staat om het systeem via HTTP te compromitteren, wat kan leiden tot ongeautoriseerde toegang en wijzigingen van gevoelige gegevens. Dit heeft invloed op zowel de vertrouwelijkheid als de integriteit van de gegevens. De kwetsbaarheid heeft een CVSS-score van 6.1, wat duidt op een gematigde ernst.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Exposure of Resource to Wrong Sphere",
"title": "CWE-668"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CWE-840",
"title": "CWE-840"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle JD Edwards EnterpriseOne Tools",
"tracking": {
"current_release_date": "2025-10-23T13:53:27.268400Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0338",
"initial_release_date": "2025-10-23T13:53:27.268400Z",
"revision_history": [
{
"date": "2025-10-23T13:53:27.268400Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "JD Edwards"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "JD Edwards EnterpriseOne Orchestrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "JD Edwards EnterpriseOne Tools"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22897",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "other",
"text": "Exposure of Resource to Wrong Sphere",
"title": "CWE-668"
},
{
"category": "other",
"text": "CWE-840",
"title": "CWE-840"
},
{
"category": "other",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "description",
"text": "Multiple vulnerabilities in libcurl and TensorFlow dependencies expose sensitive data and require updates to address security issues across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-22897 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-22897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Low-level GF(2^m) elliptic curve APIs in OpenSSL and other Oracle products present vulnerabilities, including out-of-bounds memory access and unauthorized data access, with varying severity across different applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-9143.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access, data corruption, and manipulation risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-52046",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache MINA, Oracle Middleware, JD Edwards, NetApp products, and HPE Telco IP Mediation expose systems to remote code execution, unauthorized access, and potential data compromise, with CVSS scores reaching 9.8.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52046 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-52046.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-53056",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "A vulnerability in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0-9.2.9.4) allows unauthenticated attackers to exploit the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53056 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53056.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-53056"
},
{
"cve": "CVE-2025-53060",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0-9.2.9.4) allows unauthenticated attackers to exploit the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53060 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53060.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-53060"
}
]
}
NCSC-2026-0026
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:06 - Updated: 2026-01-21 10:06Summary
Kwetsbaarheden verholpen in Oracle Enterprise Manager
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Enterprise Manager Base Platform en Oracle Application Testing Suite.
Interpretaties: De kwetsbaarheden stellen niet-geauthenticeerde aanvallers in staat om ongeautoriseerde toegang te verkrijgen, of kunnen leiden tot een gedeeltelijke denial-of-service via HTTP.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-404: Improper Resource Shutdown or Release
CWE-674: Uncontrolled Recursion
Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.
7.2 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Application Testing Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Manager Base Platform
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Application Testing Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Manager Base Platform
|
vers:unknown/* |
References
3 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Enterprise Manager Base Platform en Oracle Application Testing Suite.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen niet-geauthenticeerde aanvallers in staat om ongeautoriseerde toegang te verkrijgen, of kunnen leiden tot een gedeeltelijke denial-of-service via HTTP. ",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Enterprise Manager ",
"tracking": {
"current_release_date": "2026-01-21T10:06:27.920991Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0026",
"initial_release_date": "2026-01-21T10:06:27.920991Z",
"revision_history": [
{
"date": "2026-01-21T10:06:27.920991Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Oracle Application Testing Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Manager Base Platform"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-48924"
}
]
}
NCSC-2026-0027
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:08 - Updated: 2026-01-21 10:08Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.
Interpretaties: De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-117: Improper Output Neutralization for Logs
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
CWE-209: Generation of Error Message Containing Sensitive Information
CWE-252: Unchecked Return Value
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-289: Authentication Bypass by Alternate Name
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-457: Use of Uninitialized Variable
CWE-476: NULL Pointer Dereference
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-827: Improper Control of Document Type Definition
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-863: Incorrect Authorization
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.
10.0 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.
7.8 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.
7.2 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.
8.6 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.
9.8 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.
8.7 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.
9.1 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.
5.9 (Medium)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.
6.3 (Medium)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.
9.1 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.
5.8 (Medium)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.
9.8 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft's OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.
9.8 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
10.0 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.
10.0 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
References
29 references
| URL | Category |
|---|---|
| https://www.oracle.com/security-alerts/cpujan2026.html | external |
| https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "general",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2026-01-21T10:08:59.379774Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0027",
"initial_release_date": "2026-01-21T10:08:59.379774Z",
"revision_history": [
{
"date": "2026-01-21T10:08:59.379774Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Data Integrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Identity Manager Connector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Business Process Management Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Global Lifecycle Management NextGen OUI Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Identity Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle SOA Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Security Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Service Bus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Unified Directory"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Enterprise Capture"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Service Delivery Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "WebCenter Sites"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-45105 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-45105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2021-45105"
},
{
"cve": "CVE-2022-41342",
"notes": [
{
"category": "description",
"text": "Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41342 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-41342.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2022-41342"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-42516",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-42516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-42516"
},
{
"cve": "CVE-2024-43204",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43204 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-43204.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-43204"
},
{
"cve": "CVE-2024-47252",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "other",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47252 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47252"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56406",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56406 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56406.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-56406"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-23048",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23048 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-23048.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-23048"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41248 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-43967",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-54874",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-54988",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft\u0027s OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21962",
"notes": [
{
"category": "description",
"text": "A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2026-21962"
}
]
}
OPENSUSE-SU-2025:15160-1
Vulnerability from csaf_opensuse - Published: 2025-05-26 00:00 - Updated: 2025-05-26 00:00Summary
jetty-annotations-9.4.57-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: jetty-annotations-9.4.57-1.1 on GA media
Description of the patch: These are all security issues fixed in the jetty-annotations-9.4.57-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15160
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
120 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
120 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://www.suse.com/security/cve/CVE-2024-13009/ | self |
| https://www.suse.com/security/cve/CVE-2024-6763/ | self |
| https://www.suse.com/security/cve/CVE-2024-13009 | external |
| https://bugzilla.suse.com/1243271 | external |
| https://www.suse.com/security/cve/CVE-2024-6763 | external |
| https://bugzilla.suse.com/1231652 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jetty-annotations-9.4.57-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jetty-annotations-9.4.57-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15160",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15160-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15160-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YHGGC7B6PWN2UBH367C4SXP6PWNDYAXM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15160-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YHGGC7B6PWN2UBH367C4SXP6PWNDYAXM/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-13009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-13009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6763 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6763/"
}
],
"title": "jetty-annotations-9.4.57-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-26T00:00:00Z",
"generator": {
"date": "2025-05-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15160-1",
"initial_release_date": "2025-05-26T00:00:00Z",
"revision_history": [
{
"date": "2025-05-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-annotations-9.4.57-1.1.aarch64",
"product_id": "jetty-annotations-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-ant-9.4.57-1.1.aarch64",
"product_id": "jetty-ant-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-cdi-9.4.57-1.1.aarch64",
"product_id": "jetty-cdi-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-client-9.4.57-1.1.aarch64",
"product_id": "jetty-client-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-continuation-9.4.57-1.1.aarch64",
"product_id": "jetty-continuation-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-deploy-9.4.57-1.1.aarch64",
"product_id": "jetty-deploy-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-fcgi-9.4.57-1.1.aarch64",
"product_id": "jetty-fcgi-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-http-9.4.57-1.1.aarch64",
"product_id": "jetty-http-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-http-spi-9.4.57-1.1.aarch64",
"product_id": "jetty-http-spi-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-io-9.4.57-1.1.aarch64",
"product_id": "jetty-io-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-jaas-9.4.57-1.1.aarch64",
"product_id": "jetty-jaas-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-jmx-9.4.57-1.1.aarch64",
"product_id": "jetty-jmx-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-jndi-9.4.57-1.1.aarch64",
"product_id": "jetty-jndi-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-jsp-9.4.57-1.1.aarch64",
"product_id": "jetty-jsp-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"product_id": "jetty-minimal-javadoc-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-openid-9.4.57-1.1.aarch64",
"product_id": "jetty-openid-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-plus-9.4.57-1.1.aarch64",
"product_id": "jetty-plus-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-project-9.4.57-1.1.aarch64",
"product_id": "jetty-project-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-proxy-9.4.57-1.1.aarch64",
"product_id": "jetty-proxy-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-quickstart-9.4.57-1.1.aarch64",
"product_id": "jetty-quickstart-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-rewrite-9.4.57-1.1.aarch64",
"product_id": "jetty-rewrite-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-security-9.4.57-1.1.aarch64",
"product_id": "jetty-security-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-server-9.4.57-1.1.aarch64",
"product_id": "jetty-server-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-servlet-9.4.57-1.1.aarch64",
"product_id": "jetty-servlet-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-servlets-9.4.57-1.1.aarch64",
"product_id": "jetty-servlets-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-start-9.4.57-1.1.aarch64",
"product_id": "jetty-start-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-util-9.4.57-1.1.aarch64",
"product_id": "jetty-util-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-util-ajax-9.4.57-1.1.aarch64",
"product_id": "jetty-util-ajax-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-webapp-9.4.57-1.1.aarch64",
"product_id": "jetty-webapp-9.4.57-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-1.1.aarch64",
"product": {
"name": "jetty-xml-9.4.57-1.1.aarch64",
"product_id": "jetty-xml-9.4.57-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-annotations-9.4.57-1.1.ppc64le",
"product_id": "jetty-annotations-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-ant-9.4.57-1.1.ppc64le",
"product_id": "jetty-ant-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-cdi-9.4.57-1.1.ppc64le",
"product_id": "jetty-cdi-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-client-9.4.57-1.1.ppc64le",
"product_id": "jetty-client-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-continuation-9.4.57-1.1.ppc64le",
"product_id": "jetty-continuation-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-deploy-9.4.57-1.1.ppc64le",
"product_id": "jetty-deploy-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-fcgi-9.4.57-1.1.ppc64le",
"product_id": "jetty-fcgi-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-http-9.4.57-1.1.ppc64le",
"product_id": "jetty-http-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-http-spi-9.4.57-1.1.ppc64le",
"product_id": "jetty-http-spi-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-io-9.4.57-1.1.ppc64le",
"product_id": "jetty-io-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-jaas-9.4.57-1.1.ppc64le",
"product_id": "jetty-jaas-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-jmx-9.4.57-1.1.ppc64le",
"product_id": "jetty-jmx-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-jndi-9.4.57-1.1.ppc64le",
"product_id": "jetty-jndi-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-jsp-9.4.57-1.1.ppc64le",
"product_id": "jetty-jsp-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"product_id": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-openid-9.4.57-1.1.ppc64le",
"product_id": "jetty-openid-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-plus-9.4.57-1.1.ppc64le",
"product_id": "jetty-plus-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-project-9.4.57-1.1.ppc64le",
"product_id": "jetty-project-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-proxy-9.4.57-1.1.ppc64le",
"product_id": "jetty-proxy-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-quickstart-9.4.57-1.1.ppc64le",
"product_id": "jetty-quickstart-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-rewrite-9.4.57-1.1.ppc64le",
"product_id": "jetty-rewrite-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-security-9.4.57-1.1.ppc64le",
"product_id": "jetty-security-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-server-9.4.57-1.1.ppc64le",
"product_id": "jetty-server-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-servlet-9.4.57-1.1.ppc64le",
"product_id": "jetty-servlet-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-servlets-9.4.57-1.1.ppc64le",
"product_id": "jetty-servlets-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-start-9.4.57-1.1.ppc64le",
"product_id": "jetty-start-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-util-9.4.57-1.1.ppc64le",
"product_id": "jetty-util-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-util-ajax-9.4.57-1.1.ppc64le",
"product_id": "jetty-util-ajax-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-webapp-9.4.57-1.1.ppc64le",
"product_id": "jetty-webapp-9.4.57-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-1.1.ppc64le",
"product": {
"name": "jetty-xml-9.4.57-1.1.ppc64le",
"product_id": "jetty-xml-9.4.57-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-1.1.s390x",
"product": {
"name": "jetty-annotations-9.4.57-1.1.s390x",
"product_id": "jetty-annotations-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-1.1.s390x",
"product": {
"name": "jetty-ant-9.4.57-1.1.s390x",
"product_id": "jetty-ant-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-1.1.s390x",
"product": {
"name": "jetty-cdi-9.4.57-1.1.s390x",
"product_id": "jetty-cdi-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-1.1.s390x",
"product": {
"name": "jetty-client-9.4.57-1.1.s390x",
"product_id": "jetty-client-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-1.1.s390x",
"product": {
"name": "jetty-continuation-9.4.57-1.1.s390x",
"product_id": "jetty-continuation-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-1.1.s390x",
"product": {
"name": "jetty-deploy-9.4.57-1.1.s390x",
"product_id": "jetty-deploy-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-1.1.s390x",
"product": {
"name": "jetty-fcgi-9.4.57-1.1.s390x",
"product_id": "jetty-fcgi-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-1.1.s390x",
"product": {
"name": "jetty-http-9.4.57-1.1.s390x",
"product_id": "jetty-http-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-1.1.s390x",
"product": {
"name": "jetty-http-spi-9.4.57-1.1.s390x",
"product_id": "jetty-http-spi-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-1.1.s390x",
"product": {
"name": "jetty-io-9.4.57-1.1.s390x",
"product_id": "jetty-io-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-1.1.s390x",
"product": {
"name": "jetty-jaas-9.4.57-1.1.s390x",
"product_id": "jetty-jaas-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-1.1.s390x",
"product": {
"name": "jetty-jmx-9.4.57-1.1.s390x",
"product_id": "jetty-jmx-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-1.1.s390x",
"product": {
"name": "jetty-jndi-9.4.57-1.1.s390x",
"product_id": "jetty-jndi-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-1.1.s390x",
"product": {
"name": "jetty-jsp-9.4.57-1.1.s390x",
"product_id": "jetty-jsp-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-1.1.s390x",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.s390x",
"product_id": "jetty-minimal-javadoc-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-1.1.s390x",
"product": {
"name": "jetty-openid-9.4.57-1.1.s390x",
"product_id": "jetty-openid-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-1.1.s390x",
"product": {
"name": "jetty-plus-9.4.57-1.1.s390x",
"product_id": "jetty-plus-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-1.1.s390x",
"product": {
"name": "jetty-project-9.4.57-1.1.s390x",
"product_id": "jetty-project-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-1.1.s390x",
"product": {
"name": "jetty-proxy-9.4.57-1.1.s390x",
"product_id": "jetty-proxy-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-1.1.s390x",
"product": {
"name": "jetty-quickstart-9.4.57-1.1.s390x",
"product_id": "jetty-quickstart-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-1.1.s390x",
"product": {
"name": "jetty-rewrite-9.4.57-1.1.s390x",
"product_id": "jetty-rewrite-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-1.1.s390x",
"product": {
"name": "jetty-security-9.4.57-1.1.s390x",
"product_id": "jetty-security-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-1.1.s390x",
"product": {
"name": "jetty-server-9.4.57-1.1.s390x",
"product_id": "jetty-server-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-1.1.s390x",
"product": {
"name": "jetty-servlet-9.4.57-1.1.s390x",
"product_id": "jetty-servlet-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-1.1.s390x",
"product": {
"name": "jetty-servlets-9.4.57-1.1.s390x",
"product_id": "jetty-servlets-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-1.1.s390x",
"product": {
"name": "jetty-start-9.4.57-1.1.s390x",
"product_id": "jetty-start-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-1.1.s390x",
"product": {
"name": "jetty-util-9.4.57-1.1.s390x",
"product_id": "jetty-util-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-1.1.s390x",
"product": {
"name": "jetty-util-ajax-9.4.57-1.1.s390x",
"product_id": "jetty-util-ajax-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-1.1.s390x",
"product": {
"name": "jetty-webapp-9.4.57-1.1.s390x",
"product_id": "jetty-webapp-9.4.57-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-1.1.s390x",
"product": {
"name": "jetty-xml-9.4.57-1.1.s390x",
"product_id": "jetty-xml-9.4.57-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-annotations-9.4.57-1.1.x86_64",
"product_id": "jetty-annotations-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-ant-9.4.57-1.1.x86_64",
"product_id": "jetty-ant-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-cdi-9.4.57-1.1.x86_64",
"product_id": "jetty-cdi-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-client-9.4.57-1.1.x86_64",
"product_id": "jetty-client-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-continuation-9.4.57-1.1.x86_64",
"product_id": "jetty-continuation-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-deploy-9.4.57-1.1.x86_64",
"product_id": "jetty-deploy-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-fcgi-9.4.57-1.1.x86_64",
"product_id": "jetty-fcgi-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-http-9.4.57-1.1.x86_64",
"product_id": "jetty-http-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-http-spi-9.4.57-1.1.x86_64",
"product_id": "jetty-http-spi-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-io-9.4.57-1.1.x86_64",
"product_id": "jetty-io-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-jaas-9.4.57-1.1.x86_64",
"product_id": "jetty-jaas-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-jmx-9.4.57-1.1.x86_64",
"product_id": "jetty-jmx-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-jndi-9.4.57-1.1.x86_64",
"product_id": "jetty-jndi-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-jsp-9.4.57-1.1.x86_64",
"product_id": "jetty-jsp-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"product_id": "jetty-minimal-javadoc-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-openid-9.4.57-1.1.x86_64",
"product_id": "jetty-openid-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-plus-9.4.57-1.1.x86_64",
"product_id": "jetty-plus-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-project-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-project-9.4.57-1.1.x86_64",
"product_id": "jetty-project-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-proxy-9.4.57-1.1.x86_64",
"product_id": "jetty-proxy-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-quickstart-9.4.57-1.1.x86_64",
"product_id": "jetty-quickstart-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-rewrite-9.4.57-1.1.x86_64",
"product_id": "jetty-rewrite-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-security-9.4.57-1.1.x86_64",
"product_id": "jetty-security-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-server-9.4.57-1.1.x86_64",
"product_id": "jetty-server-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-servlet-9.4.57-1.1.x86_64",
"product_id": "jetty-servlet-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-servlets-9.4.57-1.1.x86_64",
"product_id": "jetty-servlets-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-start-9.4.57-1.1.x86_64",
"product_id": "jetty-start-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-util-9.4.57-1.1.x86_64",
"product_id": "jetty-util-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-util-ajax-9.4.57-1.1.x86_64",
"product_id": "jetty-util-ajax-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-webapp-9.4.57-1.1.x86_64",
"product_id": "jetty-webapp-9.4.57-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.57-1.1.x86_64",
"product": {
"name": "jetty-xml-9.4.57-1.1.x86_64",
"product_id": "jetty-xml-9.4.57-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-annotations-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-annotations-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x"
},
"product_reference": "jetty-annotations-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-annotations-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-ant-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-ant-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x"
},
"product_reference": "jetty-ant-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-ant-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-cdi-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-cdi-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x"
},
"product_reference": "jetty-cdi-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-cdi-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-client-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-client-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x"
},
"product_reference": "jetty-client-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-client-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-continuation-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-continuation-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x"
},
"product_reference": "jetty-continuation-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-continuation-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-deploy-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-deploy-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x"
},
"product_reference": "jetty-deploy-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-deploy-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-fcgi-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-fcgi-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x"
},
"product_reference": "jetty-fcgi-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-fcgi-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-http-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-http-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x"
},
"product_reference": "jetty-http-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-http-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-http-spi-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-http-spi-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x"
},
"product_reference": "jetty-http-spi-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-http-spi-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-io-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-io-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x"
},
"product_reference": "jetty-io-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-io-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-jaas-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-jaas-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x"
},
"product_reference": "jetty-jaas-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-jaas-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-jmx-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-jmx-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x"
},
"product_reference": "jetty-jmx-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-jmx-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-jndi-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-jndi-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x"
},
"product_reference": "jetty-jndi-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-jndi-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-jsp-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-jsp-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x"
},
"product_reference": "jetty-jsp-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-jsp-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-openid-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-openid-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x"
},
"product_reference": "jetty-openid-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-openid-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-plus-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-plus-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x"
},
"product_reference": "jetty-plus-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-plus-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-project-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-project-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x"
},
"product_reference": "jetty-project-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-project-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-project-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-proxy-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-proxy-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x"
},
"product_reference": "jetty-proxy-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-proxy-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-quickstart-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-quickstart-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x"
},
"product_reference": "jetty-quickstart-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-quickstart-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-rewrite-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-rewrite-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x"
},
"product_reference": "jetty-rewrite-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-rewrite-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-security-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-security-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x"
},
"product_reference": "jetty-security-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-security-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-server-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-server-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x"
},
"product_reference": "jetty-server-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-server-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-servlet-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-servlet-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x"
},
"product_reference": "jetty-servlet-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-servlet-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-servlets-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-servlets-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x"
},
"product_reference": "jetty-servlets-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-servlets-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-start-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-start-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x"
},
"product_reference": "jetty-start-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-start-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-util-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-util-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x"
},
"product_reference": "jetty-util-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-util-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-util-ajax-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-util-ajax-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x"
},
"product_reference": "jetty-util-ajax-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-util-ajax-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-webapp-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-webapp-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x"
},
"product_reference": "jetty-webapp-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-webapp-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64"
},
"product_reference": "jetty-xml-9.4.57-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le"
},
"product_reference": "jetty-xml-9.4.57-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x"
},
"product_reference": "jetty-xml-9.4.57-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.57-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
},
"product_reference": "jetty-xml-9.4.57-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-13009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-13009"
}
],
"notes": [
{
"category": "general",
"text": "** UNSUPPPORTED WHEN ASSIGNED ** In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request\nbody. This can result in corrupted and/or inadvertent sharing of data between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-13009",
"url": "https://www.suse.com/security/cve/CVE-2024-13009"
},
{
"category": "external",
"summary": "SUSE Bug 1243271 for CVE-2024-13009",
"url": "https://bugzilla.suse.com/1243271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-6763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6763"
}
],
"notes": [
{
"category": "general",
"text": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC. Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6763",
"url": "https://www.suse.com/security/cve/CVE-2024-6763"
},
{
"category": "external",
"summary": "SUSE Bug 1231652 for CVE-2024-6763",
"url": "https://bugzilla.suse.com/1231652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-project-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.57-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.57-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-6763"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…