Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-29025 (GCVE-0-2024-29025)
Vulnerability from cvelistv5 – Published: 2024-03-25 20:09 – Updated: 2025-02-13 17:47
VLAI
EPSS
Title
Netty HttpPostRequestDecoder can OOM
Summary
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/netty/netty/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/netty/netty/commit/0d0c6ed782d… | x_refsource_MISC |
| https://gist.github.com/vietj/f558b8ea81ec6505f1e… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2024… |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netty",
"vendor": "netty",
"versions": [
{
"lessThan": "4.1.108.Final",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29025",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T15:54:48.153095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T21:08:16.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"name": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"name": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.108.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T22:06:06.551Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"name": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"name": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html"
}
],
"source": {
"advisory": "GHSA-5jpm-x58v-624v",
"discovery": "UNKNOWN"
},
"title": "Netty HttpPostRequestDecoder can OOM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29025",
"datePublished": "2024-03-25T20:09:35.156Z",
"dateReserved": "2024-03-14T16:59:47.611Z",
"dateUpdated": "2025-02-13T17:47:35.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-29025",
"date": "2026-06-18",
"epss": "0.0138",
"percentile": "0.68567"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.\"}, {\"lang\": \"es\", \"value\": \"Netty es un framework de aplicaci\\u00f3n de red as\\u00edncrono impulsado por eventos para el desarrollo r\\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles. Se puede enga\\u00f1ar al `HttpPostRequestDecoder` para que acumule datos. Si bien el decodificador puede almacenar elementos en el disco si est\\u00e1 configurado as\\u00ed, no hay l\\u00edmites para la cantidad de campos que puede tener el formulario, un adjunto puede enviar una publicaci\\u00f3n fragmentada que consta de muchos campos peque\\u00f1os que se acumular\\u00e1n en la lista `bodyListHttpData`. El decodificador acumula bytes en el b\\u00fafer `undecodedChunk` hasta que puede decodificar un campo, este campo puede acumular datos sin l\\u00edmites. Esta vulnerabilidad se soluciona en 4.1.108.Final.\"}]",
"id": "CVE-2024-29025",
"lastModified": "2024-11-21T09:07:23.890",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2024-03-25T20:15:08.797",
"references": "[{\"url\": \"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-29025\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-25T20:15:08.797\",\"lastModified\":\"2025-09-19T15:10:53.740\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.\"},{\"lang\":\"es\",\"value\":\"Netty es un framework de aplicaci\u00f3n de red as\u00edncrono impulsado por eventos para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles. Se puede enga\u00f1ar al `HttpPostRequestDecoder` para que acumule datos. Si bien el decodificador puede almacenar elementos en el disco si est\u00e1 configurado as\u00ed, no hay l\u00edmites para la cantidad de campos que puede tener el formulario, un adjunto puede enviar una publicaci\u00f3n fragmentada que consta de muchos campos peque\u00f1os que se acumular\u00e1n en la lista `bodyListHttpData`. El decodificador acumula bytes en el b\u00fafer `undecodedChunk` hasta que puede decodificar un campo, este campo puede acumular datos sin l\u00edmites. Esta vulnerabilidad se soluciona en 4.1.108.Final.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.108\",\"matchCriteriaId\":\"CF78319A-FCF4-405B-90AE-9EDBB2AA55AB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\",\"Exploit\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Exploit\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v\", \"name\": \"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c\", \"name\": \"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3\", \"name\": \"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:03:51.668Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29025\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-19T15:54:48.153095Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\"], \"vendor\": \"netty\", \"product\": \"netty\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.1.108.Final\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-19T15:56:50.341Z\"}}], \"cna\": {\"title\": \"Netty HttpPostRequestDecoder can OOM\", \"source\": {\"advisory\": \"GHSA-5jpm-x58v-624v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"netty\", \"product\": \"netty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.1.108.Final\"}]}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v\", \"name\": \"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c\", \"name\": \"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3\", \"name\": \"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-25T20:09:35.156Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-29025\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T01:03:51.668Z\", \"dateReserved\": \"2024-03-14T16:59:47.611Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-03-25T20:09:35.156Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024_9571
Vulnerability from csaf_redhat - Published: 2024-11-13 16:21 - Updated: 2024-12-17 08:38Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update
Severity
Moderate
Notes
Topic: Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat
AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2]
"(CVE-2024-8184)"
* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] "(CVE-2024-9823)"
* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader "(CVE-2024-47554)"
* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users "(CVE-2024-7254)"
"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)"
* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. "(CVE-2024-8285)"
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.8.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.8.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.8.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.8.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.8.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.8.0
Red Hat / Streams for Apache Kafka
|
cpe:/a:redhat:amq_streams:2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
69 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat\nAMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \n\"(CVE-2024-8184)\"\n\n* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] \"(CVE-2024-9823)\"\n\n* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader \"(CVE-2024-47554)\"\n\n* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users \"(CVE-2024-7254)\"\n\n\"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)\"\n\n* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server\u0027s hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. \"(CVE-2024-8285)\"",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9571",
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "2308606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308606"
},
{
"category": "external",
"summary": "2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "2316271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316271"
},
{
"category": "external",
"summary": "2318564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318564"
},
{
"category": "external",
"summary": "2318565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318565"
},
{
"category": "external",
"summary": "ASUI-91",
"url": "https://issues.redhat.com/browse/ASUI-91"
},
{
"category": "external",
"summary": "ENTMQST-2632",
"url": "https://issues.redhat.com/browse/ENTMQST-2632"
},
{
"category": "external",
"summary": "ENTMQST-3288",
"url": "https://issues.redhat.com/browse/ENTMQST-3288"
},
{
"category": "external",
"summary": "ENTMQST-4019",
"url": "https://issues.redhat.com/browse/ENTMQST-4019"
},
{
"category": "external",
"summary": "ENTMQST-5199",
"url": "https://issues.redhat.com/browse/ENTMQST-5199"
},
{
"category": "external",
"summary": "ENTMQST-5669",
"url": "https://issues.redhat.com/browse/ENTMQST-5669"
},
{
"category": "external",
"summary": "ENTMQST-5674",
"url": "https://issues.redhat.com/browse/ENTMQST-5674"
},
{
"category": "external",
"summary": "ENTMQST-5740",
"url": "https://issues.redhat.com/browse/ENTMQST-5740"
},
{
"category": "external",
"summary": "ENTMQST-5789",
"url": "https://issues.redhat.com/browse/ENTMQST-5789"
},
{
"category": "external",
"summary": "ENTMQST-5843",
"url": "https://issues.redhat.com/browse/ENTMQST-5843"
},
{
"category": "external",
"summary": "ENTMQST-5850",
"url": "https://issues.redhat.com/browse/ENTMQST-5850"
},
{
"category": "external",
"summary": "ENTMQST-5863",
"url": "https://issues.redhat.com/browse/ENTMQST-5863"
},
{
"category": "external",
"summary": "ENTMQST-5865",
"url": "https://issues.redhat.com/browse/ENTMQST-5865"
},
{
"category": "external",
"summary": "ENTMQST-5915",
"url": "https://issues.redhat.com/browse/ENTMQST-5915"
},
{
"category": "external",
"summary": "ENTMQST-6028",
"url": "https://issues.redhat.com/browse/ENTMQST-6028"
},
{
"category": "external",
"summary": "ENTMQST-6032",
"url": "https://issues.redhat.com/browse/ENTMQST-6032"
},
{
"category": "external",
"summary": "ENTMQST-6129",
"url": "https://issues.redhat.com/browse/ENTMQST-6129"
},
{
"category": "external",
"summary": "ENTMQST-6183",
"url": "https://issues.redhat.com/browse/ENTMQST-6183"
},
{
"category": "external",
"summary": "ENTMQST-6205",
"url": "https://issues.redhat.com/browse/ENTMQST-6205"
},
{
"category": "external",
"summary": "ENTMQST-6225",
"url": "https://issues.redhat.com/browse/ENTMQST-6225"
},
{
"category": "external",
"summary": "ENTMQST-6341",
"url": "https://issues.redhat.com/browse/ENTMQST-6341"
},
{
"category": "external",
"summary": "ENTMQST-6421",
"url": "https://issues.redhat.com/browse/ENTMQST-6421"
},
{
"category": "external",
"summary": "ENTMQST-6422",
"url": "https://issues.redhat.com/browse/ENTMQST-6422"
},
{
"category": "external",
"summary": "ENTMQSTPR-43",
"url": "https://issues.redhat.com/browse/ENTMQSTPR-43"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.json"
}
],
"title": "Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update",
"tracking": {
"current_release_date": "2024-12-17T08:38:18+00:00",
"generator": {
"date": "2024-12-17T08:38:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:9571",
"initial_release_date": "2024-11-13T16:21:03+00:00",
"revision_history": [
{
"date": "2024-11-13T16:21:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-13T16:21:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T08:38:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Streams for Apache Kafka 2.8.0",
"product": {
"name": "Streams for Apache Kafka 2.8.0",
"product_id": "Streams for Apache Kafka 2.8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2"
}
}
}
],
"category": "product_family",
"name": "Streams for Apache Kafka"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T16:21:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2024-8184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-14T16:01:01.239238+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318564"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty\u0027s ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8184"
},
{
"category": "external",
"summary": "RHBZ#2318564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/pull/11723",
"url": "https://github.com/jetty/jetty.project/pull/11723"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30"
}
],
"release_date": "2024-10-14T15:09:37.861000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T16:21:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks"
},
{
"cve": "CVE-2024-8285",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"discovery_date": "2024-08-29T22:39:10.882000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2308606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server\u0027s hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kroxylicious: Missing upstream Kafka TLS hostname verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat have considered this vulnerability as a \u0027Moderate\u0027 severity given the complexity and the permission level required to perform a successful attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8285"
},
{
"category": "external",
"summary": "RHBZ#2308606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8285"
}
],
"release_date": "2024-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T16:21:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kroxylicious: Missing upstream Kafka TLS hostname verification"
},
{
"cve": "CVE-2024-9823",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-14T16:01:06.545771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318565"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-9823"
},
{
"category": "external",
"summary": "RHBZ#2318565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/issues/1256",
"url": "https://github.com/jetty/jetty.project/issues/1256"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39"
}
],
"release_date": "2024-10-14T15:03:02.293000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T16:21:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T16:21:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-03T12:00:40.921058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316271"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47554"
},
{
"category": "external",
"summary": "RHBZ#2316271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1",
"url": "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1"
}
],
"release_date": "2024-10-03T11:32:48.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-13T16:21:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.8.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader"
}
]
}
SUSE-SU-2024:1079-1
Vulnerability from csaf_suse - Published: 2024-04-02 03:52 - Updated: 2024-04-02 03:52Summary
Security update for netty, netty-tcnative
Severity
Important
Notes
Title of the patch: Security update for netty, netty-tcnative
Description of the patch: This update for netty, netty-tcnative fixes the following issues:
- CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045).
Patchnames: SUSE-2024-1079,SUSE-SLE-Module-Development-Tools-15-SP5-2024-1079,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1079,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1079,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1079,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1079,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1079,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1079,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1079,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1079,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1079,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1079,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1079,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1079,SUSE-Storage-7.1-2024-1079,openSUSE-SLE-15.5-2024-1079
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
49 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-javadoc-4.1.108-150200.4.23.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-poms-4.1.108-150200.4.23.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-javadoc-4.1.108-150200.4.23.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-poms-4.1.108-150200.4.23.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for netty, netty-tcnative",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for netty, netty-tcnative fixes the following issues:\n\n- CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1079,SUSE-SLE-Module-Development-Tools-15-SP5-2024-1079,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1079,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1079,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1079,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1079,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1079,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1079,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1079,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1079,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1079,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1079,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1079,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1079,SUSE-Storage-7.1-2024-1079,openSUSE-SLE-15.5-2024-1079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1079-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1079-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241079-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1079-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034828.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222045",
"url": "https://bugzilla.suse.com/1222045"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-29025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-29025/"
}
],
"title": "Security update for netty, netty-tcnative",
"tracking": {
"current_release_date": "2024-04-02T03:52:09Z",
"generator": {
"date": "2024-04-02T03:52:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1079-1",
"initial_release_date": "2024-04-02T03:52:09Z",
"revision_history": [
{
"date": "2024-04-02T03:52:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.aarch64",
"product": {
"name": "netty-4.1.108-150200.4.23.1.aarch64",
"product_id": "netty-4.1.108-150200.4.23.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.i586",
"product": {
"name": "netty-4.1.108-150200.4.23.1.i586",
"product_id": "netty-4.1.108-150200.4.23.1.i586"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.i586",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.i586",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-javadoc-4.1.108-150200.4.23.1.noarch",
"product": {
"name": "netty-javadoc-4.1.108-150200.4.23.1.noarch",
"product_id": "netty-javadoc-4.1.108-150200.4.23.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-poms-4.1.108-150200.4.23.1.noarch",
"product": {
"name": "netty-poms-4.1.108-150200.4.23.1.noarch",
"product_id": "netty-poms-4.1.108-150200.4.23.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch",
"product": {
"name": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch",
"product_id": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.ppc64le",
"product": {
"name": "netty-4.1.108-150200.4.23.1.ppc64le",
"product_id": "netty-4.1.108-150200.4.23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.s390x",
"product": {
"name": "netty-4.1.108-150200.4.23.1.s390x",
"product_id": "netty-4.1.108-150200.4.23.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.x86_64",
"product": {
"name": "netty-4.1.108-150200.4.23.1.x86_64",
"product_id": "netty-4.1.108-150200.4.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.s390x"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.aarch64"
},
"product_reference": "netty-4.1.108-150200.4.23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.ppc64le"
},
"product_reference": "netty-4.1.108-150200.4.23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.s390x"
},
"product_reference": "netty-4.1.108-150200.4.23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.x86_64"
},
"product_reference": "netty-4.1.108-150200.4.23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.108-150200.4.23.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-javadoc-4.1.108-150200.4.23.1.noarch"
},
"product_reference": "netty-javadoc-4.1.108-150200.4.23.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-poms-4.1.108-150200.4.23.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-poms-4.1.108-150200.4.23.1.noarch"
},
"product_reference": "netty-poms-4.1.108-150200.4.23.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.aarch64"
},
"product_reference": "netty-4.1.108-150200.4.23.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.ppc64le"
},
"product_reference": "netty-4.1.108-150200.4.23.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.s390x"
},
"product_reference": "netty-4.1.108-150200.4.23.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.x86_64"
},
"product_reference": "netty-4.1.108-150200.4.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.108-150200.4.23.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-javadoc-4.1.108-150200.4.23.1.noarch"
},
"product_reference": "netty-javadoc-4.1.108-150200.4.23.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-poms-4.1.108-150200.4.23.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-poms-4.1.108-150200.4.23.1.noarch"
},
"product_reference": "netty-poms-4.1.108-150200.4.23.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.s390x"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
},
"product_reference": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-29025"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-poms-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.aarch64",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.ppc64le",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.s390x",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.x86_64",
"openSUSE Leap 15.5:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.5:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.5:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-29025",
"url": "https://www.suse.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "SUSE Bug 1222045 for CVE-2024-29025",
"url": "https://bugzilla.suse.com/1222045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-poms-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.aarch64",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.ppc64le",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.s390x",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.x86_64",
"openSUSE Leap 15.5:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.5:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.5:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-4.1.108-150200.4.23.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:netty-poms-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.aarch64",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.ppc64le",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.s390x",
"openSUSE Leap 15.5:netty-4.1.108-150200.4.23.1.x86_64",
"openSUSE Leap 15.5:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.5:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"openSUSE Leap 15.5:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.5:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-02T03:52:09Z",
"details": "important"
}
],
"title": "CVE-2024-29025"
}
]
}
SUSE-SU-2024:1079-2
Vulnerability from csaf_suse - Published: 2024-06-18 11:04 - Updated: 2024-06-18 11:04Summary
Security update for netty, netty-tcnative
Severity
Important
Notes
Title of the patch: Security update for netty, netty-tcnative
Description of the patch: This update for netty, netty-tcnative fixes the following issues:
- CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045).
Patchnames: SUSE-2024-1079,SUSE-SLE-Module-Development-Tools-15-SP6-2024-1079,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1079,openSUSE-SLE-15.6-2024-1079
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.108-150200.4.23.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-poms-4.1.108-150200.4.23.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-javadoc-4.1.108-150200.4.23.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-poms-4.1.108-150200.4.23.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for netty, netty-tcnative",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for netty, netty-tcnative fixes the following issues:\n\n- CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1079,SUSE-SLE-Module-Development-Tools-15-SP6-2024-1079,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1079,openSUSE-SLE-15.6-2024-1079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1079-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1079-2",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241079-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1079-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019248.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222045",
"url": "https://bugzilla.suse.com/1222045"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-29025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-29025/"
}
],
"title": "Security update for netty, netty-tcnative",
"tracking": {
"current_release_date": "2024-06-18T11:04:38Z",
"generator": {
"date": "2024-06-18T11:04:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1079-2",
"initial_release_date": "2024-06-18T11:04:38Z",
"revision_history": [
{
"date": "2024-06-18T11:04:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.aarch64",
"product": {
"name": "netty-4.1.108-150200.4.23.1.aarch64",
"product_id": "netty-4.1.108-150200.4.23.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.i586",
"product": {
"name": "netty-4.1.108-150200.4.23.1.i586",
"product_id": "netty-4.1.108-150200.4.23.1.i586"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.i586",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.i586",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-javadoc-4.1.108-150200.4.23.1.noarch",
"product": {
"name": "netty-javadoc-4.1.108-150200.4.23.1.noarch",
"product_id": "netty-javadoc-4.1.108-150200.4.23.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-poms-4.1.108-150200.4.23.1.noarch",
"product": {
"name": "netty-poms-4.1.108-150200.4.23.1.noarch",
"product_id": "netty-poms-4.1.108-150200.4.23.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch",
"product": {
"name": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch",
"product_id": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.ppc64le",
"product": {
"name": "netty-4.1.108-150200.4.23.1.ppc64le",
"product_id": "netty-4.1.108-150200.4.23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.s390x",
"product": {
"name": "netty-4.1.108-150200.4.23.1.s390x",
"product_id": "netty-4.1.108-150200.4.23.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.108-150200.4.23.1.x86_64",
"product": {
"name": "netty-4.1.108-150200.4.23.1.x86_64",
"product_id": "netty-4.1.108-150200.4.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"product": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"product_id": "netty-tcnative-2.0.65-150200.3.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.s390x"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.aarch64"
},
"product_reference": "netty-4.1.108-150200.4.23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.ppc64le"
},
"product_reference": "netty-4.1.108-150200.4.23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.s390x"
},
"product_reference": "netty-4.1.108-150200.4.23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.x86_64"
},
"product_reference": "netty-4.1.108-150200.4.23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.108-150200.4.23.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.108-150200.4.23.1.noarch"
},
"product_reference": "netty-javadoc-4.1.108-150200.4.23.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-poms-4.1.108-150200.4.23.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-poms-4.1.108-150200.4.23.1.noarch"
},
"product_reference": "netty-poms-4.1.108-150200.4.23.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.aarch64"
},
"product_reference": "netty-4.1.108-150200.4.23.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.ppc64le"
},
"product_reference": "netty-4.1.108-150200.4.23.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.s390x"
},
"product_reference": "netty-4.1.108-150200.4.23.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.108-150200.4.23.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.x86_64"
},
"product_reference": "netty-4.1.108-150200.4.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.108-150200.4.23.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-javadoc-4.1.108-150200.4.23.1.noarch"
},
"product_reference": "netty-javadoc-4.1.108-150200.4.23.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-poms-4.1.108-150200.4.23.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-poms-4.1.108-150200.4.23.1.noarch"
},
"product_reference": "netty-poms-4.1.108-150200.4.23.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.s390x"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.65-150200.3.19.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
},
"product_reference": "netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-29025"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.s390x",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-29025",
"url": "https://www.suse.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "SUSE Bug 1222045 for CVE-2024-29025",
"url": "https://bugzilla.suse.com/1222045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.s390x",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.108-150200.4.23.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.s390x",
"openSUSE Leap 15.6:netty-4.1.108-150200.4.23.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-poms-4.1.108-150200.4.23.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.65-150200.3.19.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.65-150200.3.19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-18T11:04:38Z",
"details": "important"
}
],
"title": "CVE-2024-29025"
}
]
}
SUSE-SU-2024:2313-1
Vulnerability from csaf_suse - Published: 2024-07-08 08:35 - Updated: 2024-07-08 08:35Summary
Security update for netty3
Severity
Important
Notes
Title of the patch: Security update for netty3
Description of the patch: This update for netty3 fixes the following issues:
- CVE-2024-29025: Fixed HttpPostRequestDecoder can out of memory due to large number of form fields (bsc#1222045).
Patchnames: SUSE-2024-2313,SUSE-SLE-Module-Development-Tools-15-SP5-2024-2313,SUSE-SLE-Module-Development-Tools-15-SP6-2024-2313,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2313,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2313,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2313,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2313,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2313,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2313,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2313,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2313,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2313,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2313,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2313,SUSE-Storage-7.1-2024-2313,openSUSE-SLE-15.5-2024-2313,openSUSE-SLE-15.6-2024-2313
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:netty3-javadoc-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty3-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty3-javadoc-3.10.6-150200.3.10.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for netty3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for netty3 fixes the following issues:\n\n- CVE-2024-29025: Fixed HttpPostRequestDecoder can out of memory due to large number of form fields (bsc#1222045).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2313,SUSE-SLE-Module-Development-Tools-15-SP5-2024-2313,SUSE-SLE-Module-Development-Tools-15-SP6-2024-2313,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2313,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2313,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2313,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2313,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2313,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2313,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2313,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2313,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2313,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2313,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2313,SUSE-Storage-7.1-2024-2313,openSUSE-SLE-15.5-2024-2313,openSUSE-SLE-15.6-2024-2313",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2313-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2313-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242313-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2313-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-July/035840.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222045",
"url": "https://bugzilla.suse.com/1222045"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-29025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-29025/"
}
],
"title": "Security update for netty3",
"tracking": {
"current_release_date": "2024-07-08T08:35:26Z",
"generator": {
"date": "2024-07-08T08:35:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2313-1",
"initial_release_date": "2024-07-08T08:35:26Z",
"revision_history": [
{
"date": "2024-07-08T08:35:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty3-3.10.6-150200.3.10.1.noarch",
"product": {
"name": "netty3-3.10.6-150200.3.10.1.noarch",
"product_id": "netty3-3.10.6-150200.3.10.1.noarch"
}
},
{
"category": "product_version",
"name": "netty3-javadoc-3.10.6-150200.3.10.1.noarch",
"product": {
"name": "netty3-javadoc-3.10.6-150200.3.10.1.noarch",
"product_id": "netty3-javadoc-3.10.6-150200.3.10.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-javadoc-3.10.6-150200.3.10.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:netty3-javadoc-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-javadoc-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-3.10.6-150200.3.10.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty3-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty3-javadoc-3.10.6-150200.3.10.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty3-javadoc-3.10.6-150200.3.10.1.noarch"
},
"product_reference": "netty3-javadoc-3.10.6-150200.3.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-29025"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.5:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.5:netty3-javadoc-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.6:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.6:netty3-javadoc-3.10.6-150200.3.10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-29025",
"url": "https://www.suse.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "SUSE Bug 1222045 for CVE-2024-29025",
"url": "https://bugzilla.suse.com/1222045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.5:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.5:netty3-javadoc-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.6:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.6:netty3-javadoc-3.10.6-150200.3.10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty3-3.10.6-150200.3.10.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.5:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.5:netty3-javadoc-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.6:netty3-3.10.6-150200.3.10.1.noarch",
"openSUSE Leap 15.6:netty3-javadoc-3.10.6-150200.3.10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-08T08:35:26Z",
"details": "important"
}
],
"title": "CVE-2024-29025"
}
]
}
WID-SEC-W-2024-1068
Vulnerability from csaf_certbund - Published: 2024-05-07 22:00 - Updated: 2026-03-31 22:00Summary
Red Hat Enterprise Linux (Quarkus and Netty): Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift und Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
IBM Spectrum Protect Plus <10.1.6.4
IBM / Spectrum Protect Plus
|
<10.1.6.4 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Hitachi Ops Center <11.0.4-00
Hitachi / Ops Center
|
<11.0.4-00 | ||
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
IBM Spectrum Protect Plus <10.1.6.4
IBM / Spectrum Protect Plus
|
<10.1.6.4 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Hitachi Ops Center <11.0.4-00
Hitachi / Ops Center
|
<11.0.4-00 | ||
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
References
30 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift und Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1068 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1068.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1068 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1068"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-07",
"url": "https://access.redhat.com/errata/RHSA-2024:2106"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2705 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2705"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2833 vom 2024-05-14",
"url": "https://access.redhat.com/errata/RHSA-2024:2833"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2852 vom 2024-05-15",
"url": "https://access.redhat.com/errata/RHSA-2024:2852"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2834 vom 2024-05-16",
"url": "https://access.redhat.com/errata/RHSA-2024:2834"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3527 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3527"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3550 vom 2024-06-03",
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4028 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4028"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3834 vom 2024-06-21",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2313-1 vom 2024-07-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018880.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4460 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4460"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4873 vom 2024-07-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4873"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5143 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5143"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5144 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5144"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5145 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5145"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5147 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5147"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5481 vom 2024-08-16",
"url": "https://access.redhat.com/errata/RHSA-2024:5481"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5479 vom 2024-08-16",
"url": "https://access.redhat.com/errata/RHSA-2024:5479"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5482 vom 2024-08-16",
"url": "https://access.redhat.com/errata/RHSA-2024:5482"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6657 vom 2024-09-12",
"url": "https://access.redhat.com/errata/RHSA-2024:6657"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14442-1 vom 2024-10-31",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/TNFN6MBU4SQLAGX7GNFLRGTPGY3IBHZG/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9571 vom 2024-11-13",
"url": "https://access.redhat.com/errata/RHSA-2024:9571"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11023 vom 2024-12-12",
"url": "https://access.redhat.com/errata/RHSA-2024:11023"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180361 vom 2025-01-07",
"url": "https://www.ibm.com/support/pages/node/7180361"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7284-1 vom 2025-02-24",
"url": "https://ubuntu.com/security/notices/USN-7284-1"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-113 vom 2025-05-15",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-113/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7248128 vom 2025-10-16",
"url": "https://www.ibm.com/support/pages/node/7248128"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4519 vom 2026-03-31",
"url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00023.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Quarkus and Netty): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-31T22:00:00.000+00:00",
"generator": {
"date": "2026-04-01T09:19:29.035+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-1068",
"initial_release_date": "2024-05-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-23T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-07-08T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-25T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-08T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-15T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-12T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-06T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-23T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-14T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "23"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.4-00",
"product": {
"name": "Hitachi Ops Center \u003c11.0.4-00",
"product_id": "T043089"
}
},
{
"category": "product_version",
"name": "11.0.4-00",
"product": {
"name": "Hitachi Ops Center 11.0.4-00",
"product_id": "T043089-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:11.0.4-00"
}
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.6.4",
"product_id": "T040030"
}
},
{
"category": "product_version",
"name": "10.1.6.4",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.6.4",
"product_id": "T040030-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Quarkus",
"product": {
"name": "Red Hat Enterprise Linux Quarkus",
"product_id": "T028364",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T034602",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Camel Extensions for Quarkus 1",
"product": {
"name": "Red Hat Integration Camel Extensions for Quarkus 1",
"product_id": "T026453",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T034601",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2700",
"product_status": {
"known_affected": [
"T034602",
"T028364",
"T034601",
"T040030",
"2951",
"T002207",
"67646",
"T000126",
"T021415",
"T027843",
"T043089",
"T026453"
]
},
"release_date": "2024-05-07T22:00:00.000+00:00",
"title": "CVE-2024-2700"
},
{
"cve": "CVE-2024-29025",
"product_status": {
"known_affected": [
"T034602",
"T028364",
"T034601",
"T040030",
"2951",
"T002207",
"67646",
"T000126",
"T021415",
"T027843",
"T043089",
"T026453"
]
},
"release_date": "2024-05-07T22:00:00.000+00:00",
"title": "CVE-2024-29025"
}
]
}
WID-SEC-W-2024-1360
Vulnerability from csaf_certbund - Published: 2024-06-11 22:00 - Updated: 2026-01-25 23:00Summary
IBM DB2: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
References
18 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1360 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1360.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1360 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1360"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156844 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156844"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156845 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156845"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156846 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156846"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156847 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156847"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156848 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156848"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156849 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156849"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156850 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156850"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156851 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156851"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156852 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156852"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - June 18 2024",
"url": "https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159926 vom 2024-07-10",
"url": "https://www.ibm.com/support/pages/node/7159926"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7167605 vom 2024-09-05",
"url": "https://www.ibm.com/support/pages/node/7167605"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7168022 vom 2024-09-10",
"url": "https://www.ibm.com/support/pages/node/7168022"
},
{
"category": "external",
"summary": "HCL Security Advisory vom 2024-11-30",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=ab451f7ffb0a5210db10f2797befdcca"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7257981 vom 2026-01-25",
"url": "https://www.ibm.com/support/pages/node/7257981"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-25T23:00:00.000+00:00",
"generator": {
"date": "2026-01-26T09:36:06.989+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-1360",
"initial_release_date": "2024-06-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-12-01T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Dell und IBM aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c8.9.3",
"product": {
"name": "Atlassian Confluence Data Center \u003c8.9.3",
"product_id": "T035527"
}
},
{
"category": "product_version",
"name": "Data Center 8.9.3",
"product": {
"name": "Atlassian Confluence Data Center 8.9.3",
"product_id": "T035527-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__8.9.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.11 LTS",
"product": {
"name": "Atlassian Confluence \u003c8.5.11 LTS",
"product_id": "T035530"
}
},
{
"category": "product_version",
"name": "8.5.11 LTS",
"product": {
"name": "Atlassian Confluence 8.5.11 LTS",
"product_id": "T035530-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.11_lts"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.19.24 LTS",
"product": {
"name": "Atlassian Confluence \u003c7.19.24 LTS",
"product_id": "T035531"
}
},
{
"category": "product_version",
"name": "7.19.24 LTS",
"product": {
"name": "Atlassian Confluence 7.19.24 LTS",
"product_id": "T035531-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:7.19.24_lts"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL Commerce",
"product": {
"name": "HCL Commerce",
"product_id": "T019293",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Big SQL",
"product": {
"name": "IBM DB2 Big SQL",
"product_id": "T022379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:big_sql"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV10.5",
"product": {
"name": "IBM DB2 \u003cV10.5",
"product_id": "T035400"
}
},
{
"category": "product_version",
"name": "V10.5",
"product": {
"name": "IBM DB2 V10.5",
"product_id": "T035400-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v10.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV11.1",
"product": {
"name": "IBM DB2 \u003cV11.1",
"product_id": "T035401"
}
},
{
"category": "product_version",
"name": "V11.1",
"product": {
"name": "IBM DB2 V11.1",
"product_id": "T035401-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v11.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV11.5",
"product": {
"name": "IBM DB2 \u003cV11.5",
"product_id": "T035402"
}
},
{
"category": "product_version",
"name": "V11.5",
"product": {
"name": "IBM DB2 V11.5",
"product_id": "T035402-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v11.5"
}
}
}
],
"category": "product_name",
"name": "DB2"
},
{
"branches": [
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "IBM License Metric Tool 9.2",
"product_id": "T027649",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.0.5 IF5",
"product": {
"name": "IBM Tivoli Business Service Manager \u003c6.2.0.5 IF5",
"product_id": "T037436"
}
},
{
"category": "product_version",
"name": "6.2.0.5 IF5",
"product": {
"name": "IBM Tivoli Business Service Manager 6.2.0.5 IF5",
"product_id": "T037436-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.5_if5"
}
}
}
],
"category": "product_name",
"name": "Tivoli Business Service Manager"
},
{
"category": "product_name",
"name": "IBM Tivoli Key Lifecycle Manager",
"product": {
"name": "IBM Tivoli Key Lifecycle Manager",
"product_id": "T026238",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29267",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2023-29267"
},
{
"cve": "CVE-2023-45853",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2024-25710",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26308",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-28762",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-28762"
},
{
"cve": "CVE-2024-29025",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-31880",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-31880"
},
{
"cve": "CVE-2024-31881",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-31881"
},
{
"cve": "CVE-2024-28757",
"product_status": {
"known_affected": [
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-29131",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-29131"
},
{
"cve": "CVE-2024-29133",
"product_status": {
"known_affected": [
"T035402",
"T050283",
"T027649",
"T022379",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-29133"
}
]
}
WID-SEC-W-2024-1622
Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2024-07-16 22:00Summary
Oracle Commerce: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Commerce ist eine elektronische Handelsplattform.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit und Integrität zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Windows
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Commerce 11.3.0
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.0
|
11.3.0 | |
|
Oracle Commerce 11.3.1
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.1
|
11.3.1 | |
|
Oracle Commerce 11.3.2
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.2
|
11.3.2 |
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Commerce 11.3.0
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.0
|
11.3.0 | |
|
Oracle Commerce 11.3.1
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.1
|
11.3.1 | |
|
Oracle Commerce 11.3.2
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.2
|
11.3.2 |
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Commerce 11.3.0
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.0
|
11.3.0 | |
|
Oracle Commerce 11.3.1
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.1
|
11.3.1 | |
|
Oracle Commerce 11.3.2
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.2
|
11.3.2 |
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Commerce 11.3.0
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.0
|
11.3.0 | |
|
Oracle Commerce 11.3.1
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.1
|
11.3.1 | |
|
Oracle Commerce 11.3.2
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.2
|
11.3.2 |
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Commerce 11.3.0
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.0
|
11.3.0 | |
|
Oracle Commerce 11.3.1
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.1
|
11.3.1 | |
|
Oracle Commerce 11.3.2
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.2
|
11.3.2 |
In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Commerce 11.3.0
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.0
|
11.3.0 | |
|
Oracle Commerce 11.3.1
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.1
|
11.3.1 | |
|
Oracle Commerce 11.3.2
Oracle / Commerce
|
cpe:/a:oracle:commerce:11.3.2
|
11.3.2 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Commerce ist eine elektronische Handelsplattform.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1622 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1622.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1622 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1622"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Commerce vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixOCOM"
}
],
"source_lang": "en-US",
"title": "Oracle Commerce: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:11:21.987+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1622",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.3.0",
"product": {
"name": "Oracle Commerce 11.3.0",
"product_id": "T018931",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.0"
}
}
},
{
"category": "product_version",
"name": "11.3.1",
"product": {
"name": "Oracle Commerce 11.3.1",
"product_id": "T018932",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.1"
}
}
},
{
"category": "product_version",
"name": "11.3.2",
"product": {
"name": "Oracle Commerce 11.3.2",
"product_id": "T018933",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:commerce:11.3.2"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-34169",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2024-22262",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-24549",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-28752",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018931",
"T018932",
"T018933"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29025"
}
]
}
WID-SEC-W-2024-1637
Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2026-06-01 22:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM FileNet Content Manager 5.5.8
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.8
|
5.5.8 | |
|
IBM FileNet Content Manager 5.6.0
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.6.0
|
5.6.0 | |
|
IBM FileNet Content Manager 5.5.12
IBM / FileNet Content Manager
|
cpe:/a:ibm:filenet_content_manager:5.5.12
|
5.5.12 | |
|
Oracle Fusion Middleware 12.2.1.19.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.19.0
|
12.2.1.19.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1637 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1637.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1637 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1637"
},
{
"category": "external",
"summary": "PoC CVE-2024-21182 vom 2024-12-30",
"url": "https://github.com/k4it0k1d/CVE-2024-21182"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Fusion Middleware vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixFMW"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7184867 vom 2025-03-05",
"url": "https://www.ibm.com/support/pages/node/7184867"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2026-06-01",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-01T22:00:00.000+00:00",
"generator": {
"date": "2026-06-02T07:22:27.091+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2024-1637",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-12-30T23:00:00.000+00:00",
"number": "2",
"summary": "PoC f\u00fcr CVE-2024-21182 erg\u00e4nzt"
},
{
"date": "2025-03-05T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "4",
"summary": "Aktive Ausnutzung gemeldet"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "5.5.8",
"product": {
"name": "IBM FileNet Content Manager 5.5.8",
"product_id": "1487483",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.5.8"
}
}
},
{
"category": "product_version",
"name": "5.5.12",
"product": {
"name": "IBM FileNet Content Manager 5.5.12",
"product_id": "T039291",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.5.12"
}
}
},
{
"category": "product_version",
"name": "5.6.0",
"product": {
"name": "IBM FileNet Content Manager 5.6.0",
"product_id": "T039292",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:5.6.0"
}
}
}
],
"category": "product_name",
"name": "FileNet Content Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
},
{
"category": "product_version",
"name": "12.2.1.19.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.19.0",
"product_id": "T036225",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.19.0"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13956",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2020-1945",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2020-1945"
},
{
"cve": "CVE-2021-29425",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-40152",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-45378",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-45378"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-29081",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-29081"
},
{
"cve": "CVE-2023-2976",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-34034",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-34034"
},
{
"cve": "CVE-2023-36478",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-36478"
},
{
"cve": "CVE-2023-45853",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2023-46750",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-46750"
},
{
"cve": "CVE-2023-4759",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-4759"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-5072",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-52425",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-6129",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2024-0853",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-0853"
},
{
"cve": "CVE-2024-21133",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21133"
},
{
"cve": "CVE-2024-21175",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21175"
},
{
"cve": "CVE-2024-21181",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21181"
},
{
"cve": "CVE-2024-21182",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21182"
},
{
"cve": "CVE-2024-21183",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21183"
},
{
"cve": "CVE-2024-22201",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22243",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22243"
},
{
"cve": "CVE-2024-22259",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22259"
},
{
"cve": "CVE-2024-22262",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-25062",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-26308",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-29025",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29857",
"product_status": {
"known_affected": [
"1487483",
"T039292",
"T039291",
"T036225",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29857"
}
]
}
WID-SEC-W-2024-1638
Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2024-07-16 22:00Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Financial Services Applications 8.1.2.6
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6
|
8.1.2.6 | |
|
Oracle Financial Services Applications 6.1.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.1.0.0.0
|
6.1.0.0.0 | |
|
Oracle Financial Services Applications 2.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.4.0.0.0
|
2.4.0.0.0 | |
|
Oracle Financial Services Applications 2.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.7.0.0.0
|
2.7.0.0.0 | |
|
Oracle Financial Services Applications 2.12.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:2.12.0.0.0
|
2.12.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1
|
8.1.1 | |
|
Oracle Financial Services Applications 8.1.2.6.4
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.6.4
|
8.1.2.6.4 | |
|
Oracle Financial Services Applications 8.1.2.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7.3
|
8.1.2.7.3 | |
|
Oracle Financial Services Applications 6.0.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:6.0.0.0.0
|
6.0.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8
|
8.0.8 | |
|
Oracle Financial Services Applications 8.0.8.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.1
|
8.0.8.1 | |
|
Oracle Financial Services Applications 8.0.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7
|
8.0.7 | |
|
Oracle Financial Services Applications 8.0.7.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.7.3
|
8.0.7.3 | |
|
Oracle Financial Services Applications 8.1.2
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2
|
8.1.2 | |
|
Oracle Financial Services Applications 14.6.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.6.0.0.0
|
14.6.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.0
|
8.0.8.0 | |
|
Oracle Financial Services Applications 8.1.2.5
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.5
|
8.1.2.5 | |
|
Oracle Financial Services Applications 14.5.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.5.0.0.0
|
14.5.0.0.0 | |
|
Oracle Financial Services Applications 14.7.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.7.0.0.0
|
14.7.0.0.0 | |
|
Oracle Financial Services Applications 8.0.8.3
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.3
|
8.0.8.3 | |
|
Oracle Financial Services Applications 8.1.2.7
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.2.7
|
8.1.2.7 | |
|
Oracle Financial Services Applications 8.0.8.2.8
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.0.8.2.8
|
8.0.8.2.8 | |
|
Oracle Financial Services Applications 8.1.1.1.18
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1.18
|
8.1.1.1.18 | |
|
Oracle Financial Services Applications 14.4.0.0.0
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:14.4.0.0.0
|
14.4.0.0.0 | |
|
Oracle Financial Services Applications 8.1.1.1
Oracle / Financial Services Applications
|
cpe:/a:oracle:financial_services_applications:8.1.1.1
|
8.1.1.1 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Financial Services ist eine Zusammenstellung von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1638 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1638.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1638 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1638"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Financial Services Applications vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixIFLX"
}
],
"source_lang": "en-US",
"title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:11:26.257+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1638",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.1.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.1",
"product_id": "T019891",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1"
}
}
},
{
"category": "product_version",
"name": "8.0.7",
"product": {
"name": "Oracle Financial Services Applications 8.0.7",
"product_id": "T021676",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7"
}
}
},
{
"category": "product_version",
"name": "8.0.8",
"product": {
"name": "Oracle Financial Services Applications 8.0.8",
"product_id": "T021677",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8"
}
}
},
{
"category": "product_version",
"name": "8.1.1.1",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.1",
"product_id": "T022835",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1"
}
}
},
{
"category": "product_version",
"name": "8.0.8.0",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.0",
"product_id": "T022841",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.0"
}
}
},
{
"category": "product_version",
"name": "8.0.8.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.1",
"product_id": "T022844",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
}
}
},
{
"category": "product_version",
"name": "8.0.7.3",
"product": {
"name": "Oracle Financial Services Applications 8.0.7.3",
"product_id": "T024989",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.3"
}
}
},
{
"category": "product_version",
"name": "14.7.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 14.7.0.0.0",
"product_id": "T028702",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2",
"product": {
"name": "Oracle Financial Services Applications 8.1.2",
"product_id": "T028705",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2"
}
}
},
{
"category": "product_version",
"name": "8.1.2.5",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.5",
"product_id": "T028706",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.5"
}
}
},
{
"category": "product_version",
"name": "8.1.2.6",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.6",
"product_id": "T032104",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.6"
}
}
},
{
"category": "product_version",
"name": "14.5.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 14.5.0.0.0",
"product_id": "T034160",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.5.0.0.0"
}
}
},
{
"category": "product_version",
"name": "14.6.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 14.6.0.0.0",
"product_id": "T034161",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.6.0.0.0"
}
}
},
{
"category": "product_version",
"name": "2.12.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 2.12.0.0.0",
"product_id": "T034162",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.12.0.0.0"
}
}
},
{
"category": "product_version",
"name": "2.7.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 2.7.0.0.0",
"product_id": "T034163",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.7.0.0.0"
}
}
},
{
"category": "product_version",
"name": "14.4.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 14.4.0.0.0",
"product_id": "T036215",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.4.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.0.8.3",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.3",
"product_id": "T036216",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.3"
}
}
},
{
"category": "product_version",
"name": "8.1.2.7",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.7",
"product_id": "T036217",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.7"
}
}
},
{
"category": "product_version",
"name": "8.0.8.2.8",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.2.8",
"product_id": "T036218",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.2.8"
}
}
},
{
"category": "product_version",
"name": "8.1.1.1.18",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.1.18",
"product_id": "T036219",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1.18"
}
}
},
{
"category": "product_version",
"name": "8.1.2.6.4",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.6.4",
"product_id": "T036220",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.6.4"
}
}
},
{
"category": "product_version",
"name": "8.1.2.7.3",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.7.3",
"product_id": "T036221",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.7.3"
}
}
},
{
"category": "product_version",
"name": "6.0.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 6.0.0.0.0",
"product_id": "T036222",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:6.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "6.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 6.1.0.0.0",
"product_id": "T036223",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:6.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "2.4.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 2.4.0.0.0",
"product_id": "T036224",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.4.0.0.0"
}
}
}
],
"category": "product_name",
"name": "Financial Services Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-36944",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-36944"
},
{
"cve": "CVE-2023-26031",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-26031"
},
{
"cve": "CVE-2023-34055",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-34055"
},
{
"cve": "CVE-2023-44483",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-44483"
},
{
"cve": "CVE-2023-47248",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-47248"
},
{
"cve": "CVE-2023-50447",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-50447"
},
{
"cve": "CVE-2023-51074",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-51074"
},
{
"cve": "CVE-2023-52425",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-6129",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2024-21188",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21188"
},
{
"cve": "CVE-2024-22201",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22262",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23807",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-24549",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-24816",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-24816"
},
{
"cve": "CVE-2024-25062",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-2511",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-26308",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29133",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29133"
},
{
"cve": "CVE-2024-32114",
"notes": [
{
"category": "description",
"text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T032104",
"T036223",
"T036224",
"T034163",
"T034162",
"T019891",
"T036220",
"T036221",
"T036222",
"T021677",
"T022844",
"T021676",
"T024989",
"T028705",
"T034161",
"T022841",
"T028706",
"T034160",
"T028702",
"T036216",
"T036217",
"T036218",
"T036219",
"T036215",
"T022835"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-32114"
}
]
}
WID-SEC-W-2024-1642
Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2024-11-20 23:00Summary
Oracle Communications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 12.11.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.0
|
12.11.0 | |
|
Oracle Communications 4.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.1.0
|
4.1.0 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Communications 4.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.2.0
|
4.2.0 | |
|
Oracle Communications 9.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.2.0
|
9.2.0 | |
|
Oracle Communications 9.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.3.0
|
9.3.0 | |
|
Oracle Communications 23.4.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.1
|
23.4.1 | |
|
Oracle Communications 12.11.3
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.3
|
12.11.3 | |
|
Oracle Communications 12.11.4
Oracle / Communications
|
cpe:/a:oracle:communications:12.11.4
|
12.11.4 | |
|
Oracle Communications 10.5
Oracle / Communications
|
cpe:/a:oracle:communications:10.5
|
10.5 | |
|
Oracle Communications 24.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.2.0
|
24.2.0 | |
|
Oracle Communications 5.2
Oracle / Communications
|
cpe:/a:oracle:communications:5.2
|
5.2 | |
|
Oracle Communications 24.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:24.1.0
|
24.1.0 | |
|
Oracle Communications 46.6.4
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.4
|
46.6.4 | |
|
Oracle Communications 23.4.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.2
|
23.4.2 | |
|
Oracle Communications 46.6.5
Oracle / Communications
|
cpe:/a:oracle:communications:46.6.5
|
46.6.5 | |
|
Oracle Communications 15.0.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:15.0.0.0.0
|
15.0.0.0.0 | |
|
Oracle Communications 23.4.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.4.0
|
23.4.0 | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
23.1.0 | |
|
Oracle Communications 12.6.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.1.0.0
|
12.6.1.0.0 | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
5.1 |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <=23.4.3
Oracle / Communications
|
<=23.4.3 | ||
|
Oracle Communications <=23.4.4
Oracle / Communications
|
<=23.4.4 | ||
|
Oracle Communications <=8.6.0.6
Oracle / Communications
|
<=8.6.0.6 | ||
|
Oracle Communications <=8.6.0.8
Oracle / Communications
|
<=8.6.0.8 | ||
|
Oracle Communications <=9.0.3
Oracle / Communications
|
<=9.0.3 |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1642 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1642.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1642 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1642"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Communications vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixCGBU"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6016 vom 2024-09-05",
"url": "https://access.redhat.com/errata/RHSA-2024:6016"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9975 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9975"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9976 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9976"
}
],
"source_lang": "en-US",
"title": "Oracle Communications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-20T23:00:00.000+00:00",
"generator": {
"date": "2024-11-21T13:09:50.776+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1642",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "23.1.0",
"product": {
"name": "Oracle Communications 23.1.0",
"product_id": "T027326",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.0"
}
}
},
{
"category": "product_version",
"name": "12.6.1.0.0",
"product": {
"name": "Oracle Communications 12.6.1.0.0",
"product_id": "T027338",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.6.1.0.0"
}
}
},
{
"category": "product_version",
"name": "5.1",
"product": {
"name": "Oracle Communications 5.1",
"product_id": "T028684",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.1"
}
}
},
{
"category": "product_version",
"name": "15.0.0.0.0",
"product": {
"name": "Oracle Communications 15.0.0.0.0",
"product_id": "T032090",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:15.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "23.4.0",
"product": {
"name": "Oracle Communications 23.4.0",
"product_id": "T032091",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.0"
}
}
},
{
"category": "product_version",
"name": "23.4.1",
"product": {
"name": "Oracle Communications 23.4.1",
"product_id": "T034143",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.1"
}
}
},
{
"category": "product_version",
"name": "23.4.2",
"product": {
"name": "Oracle Communications 23.4.2",
"product_id": "T034144",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.2"
}
}
},
{
"category": "product_version",
"name": "24.1.0",
"product": {
"name": "Oracle Communications 24.1.0",
"product_id": "T034145",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0"
}
}
},
{
"category": "product_version",
"name": "5.2",
"product": {
"name": "Oracle Communications 5.2",
"product_id": "T034146",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.3",
"product": {
"name": "Oracle Communications \u003c=23.4.3",
"product_id": "T036195"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.3",
"product": {
"name": "Oracle Communications \u003c=23.4.3",
"product_id": "T036195-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.4",
"product": {
"name": "Oracle Communications \u003c=23.4.4",
"product_id": "T036196"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.4",
"product": {
"name": "Oracle Communications \u003c=23.4.4",
"product_id": "T036196-fixed"
}
},
{
"category": "product_version",
"name": "24.2.0",
"product": {
"name": "Oracle Communications 24.2.0",
"product_id": "T036197",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.8",
"product": {
"name": "Oracle Communications \u003c=8.6.0.8",
"product_id": "T036198"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.8",
"product": {
"name": "Oracle Communications \u003c=8.6.0.8",
"product_id": "T036198-fixed"
}
},
{
"category": "product_version",
"name": "46.6.4",
"product": {
"name": "Oracle Communications 46.6.4",
"product_id": "T036199",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:46.6.4"
}
}
},
{
"category": "product_version",
"name": "46.6.5",
"product": {
"name": "Oracle Communications 46.6.5",
"product_id": "T036200",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:46.6.5"
}
}
},
{
"category": "product_version",
"name": "12.11.3",
"product": {
"name": "Oracle Communications 12.11.3",
"product_id": "T036201",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.3"
}
}
},
{
"category": "product_version",
"name": "12.11.4",
"product": {
"name": "Oracle Communications 12.11.4",
"product_id": "T036202",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.6",
"product": {
"name": "Oracle Communications \u003c=8.6.0.6",
"product_id": "T036203"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.6.0.6",
"product": {
"name": "Oracle Communications \u003c=8.6.0.6",
"product_id": "T036203-fixed"
}
},
{
"category": "product_version",
"name": "10.5",
"product": {
"name": "Oracle Communications 10.5",
"product_id": "T036204",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:10.5"
}
}
},
{
"category": "product_version",
"name": "4.1.0",
"product": {
"name": "Oracle Communications 4.1.0",
"product_id": "T036205",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.1.0"
}
}
},
{
"category": "product_version",
"name": "4.2.0",
"product": {
"name": "Oracle Communications 4.2.0",
"product_id": "T036206",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.2.0"
}
}
},
{
"category": "product_version",
"name": "9.2.0",
"product": {
"name": "Oracle Communications 9.2.0",
"product_id": "T036207",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.2.0"
}
}
},
{
"category": "product_version",
"name": "9.3.0",
"product": {
"name": "Oracle Communications 9.3.0",
"product_id": "T036208",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.3.0"
}
}
},
{
"category": "product_version",
"name": "12.11.0",
"product": {
"name": "Oracle Communications 12.11.0",
"product_id": "T036209",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.3",
"product": {
"name": "Oracle Communications \u003c=9.0.3",
"product_id": "T036210"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.0.3",
"product": {
"name": "Oracle Communications \u003c=9.0.3",
"product_id": "T036210-fixed"
}
}
],
"category": "product_name",
"name": "Communications"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2022-34169",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-48174",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-24998",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-44487",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-52425",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-5685",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2024-0450",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-22019",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22234",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22234"
},
{
"cve": "CVE-2024-22257",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-23807",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23897",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-23897"
},
{
"cve": "CVE-2024-24549",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25710",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27316",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-28182",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-28849",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-2961",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-34064",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34069",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-34069"
},
{
"cve": "CVE-2024-6162",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"67646",
"T036206",
"T036207",
"T036208",
"T034143",
"T036201",
"T036202",
"T036204",
"T036197",
"T034146",
"T034145",
"T036199",
"T034144",
"T036200",
"T032090",
"T032091",
"T027326",
"T027338",
"T028684"
],
"last_affected": [
"T036195",
"T036196",
"T036203",
"T036198",
"T036210"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-6162"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…