Vulnerability-Lookup

CVE-2025-27533 (GCVE-0-2025-27533)

Vulnerability from cvelistv5 – Published: 2025-05-07 08:59 – Updated: 2025-11-03 19:45

Title

Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation

Summary

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Severity

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-789 - Memory Allocation with Excessive Size Value

Assigner

apache

References

3 references

URL	Tags
https://lists.apache.org/thread/8hcm25vf7mchg4zbb…	vendor-advisory
http://www.openwall.com/lists/oss-security/2025/05/06/1
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache ActiveMQ	Affected: 6.0.0 , < 6.1.6 (semver) Affected: 5.18.0 , < 5.18.7 (semver) Affected: 5.17.0 , < 5.17.7 (semver) Affected: 5.16.0 , < 5.16.8 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:45:36.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/06/1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27533",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T13:59:20.516224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T14:00:17.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache ActiveMQ",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "6.1.6",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.18.7",
              "status": "affected",
              "version": "5.18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.17.7",
              "status": "affected",
              "version": "5.17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.16.8",
              "status": "affected",
              "version": "5.16.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDuring unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.1.6+, 5.19.0+,  5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.\u003c/p\u003e\u003cp\u003eExisting users may implement mutual TLS to mitigate the risk on affected brokers.\u003c/p\u003e"
            }
          ],
          "value": "Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.\n\nDuring unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.\nThis issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.\n\nUsers are recommended to upgrade to version 6.1.6+, 5.19.0+,  5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.\n\nExisting users may implement mutual TLS to mitigate the risk on affected brokers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T08:59:00.249Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg"
        }
      ],
      "source": {
        "defect": [
          "AMQ-6596"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-27533",
    "datePublished": "2025-05-07T08:59:00.249Z",
    "dateReserved": "2025-02-28T12:57:16.780Z",
    "dateUpdated": "2025-11-03T19:45:36.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-27533",
      "date": "2026-06-20",
      "epss": "0.08594",
      "percentile": "0.94388"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27533\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-05-07T09:15:18.820\",\"lastModified\":\"2025-11-03T20:18:02.323\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.\\n\\nDuring unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.\\nThis issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.\\n\\nUsers are recommended to upgrade to version 6.1.6+, 5.19.0+,  5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.\\n\\nExisting users may implement mutual TLS to mitigate the risk on affected brokers.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de asignaci\u00f3n de memoria con valor de tama\u00f1o excesivo en Apache ActiveMQ. Durante la desmarshalling de comandos OpenWire, el valor de tama\u00f1o de los b\u00faferes no se valid\u00f3 correctamente, lo que podr\u00eda provocar una asignaci\u00f3n excesiva de memoria y ser explotado para causar una denegaci\u00f3n de servicio (DoS) al agotar la memoria del proceso. Esto afecta a aplicaciones y servicios que dependen de la disponibilidad del broker ActiveMQ cuando no utilizan conexiones TLS mutuas. Este problema afecta a Apache ActiveMQ: desde la versi\u00f3n 6.0.0 hasta la 6.1.6, desde la versi\u00f3n 5.18.0 hasta la 5.18.7, desde la versi\u00f3n 5.17.0 hasta la 5.17.7 y hasta la 5.16.8. ActiveMQ 5.19.0 no se ve afectado. Se recomienda a los usuarios actualizar a la versi\u00f3n 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7 o 5.16.8, o a la que solucione el problema. Los usuarios existentes pueden implementar TLS mutuo para mitigar el riesgo en los corredores afectados.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"AUTOMATIC\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"RED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-789\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16.0\",\"versionEndExcluding\":\"5.16.8\",\"matchCriteriaId\":\"444A1568-2609-4BB7-BCD1-EC0294AF60B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.17.0\",\"versionEndExcluding\":\"5.17.7\",\"matchCriteriaId\":\"61248BE9-38C2-4FB9-BAE6-7ECF600E93BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18.0\",\"versionEndExcluding\":\"5.18.7\",\"matchCriteriaId\":\"EB864869-AB2D-44BF-ADE4-7381D5F52D0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.1.6\",\"matchCriteriaId\":\"AF31F5B0-D737-4EC2-BF00-CC8C44AF7BB0\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/05/06/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/05/06/1\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/06/msg00020.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:45:36.972Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27533\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-07T13:59:20.516224Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-07T14:00:12.709Z\"}}], \"cna\": {\"title\": \"Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation\", \"source\": {\"defect\": [\"AMQ-6596\"], \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 6.9, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red\", \"providerUrgency\": \"RED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache ActiveMQ\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.1.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.18.0\", \"lessThan\": \"5.18.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.17.0\", \"lessThan\": \"5.17.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.16.0\", \"lessThan\": \"5.16.8\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.\\n\\nDuring unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.\\nThis issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.\\n\\nUsers are recommended to upgrade to version 6.1.6+, 5.19.0+,  5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.\\n\\nExisting users may implement mutual TLS to mitigate the risk on affected brokers.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.\u003c/p\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDuring unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.1.6+, 5.19.0+,  5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.\u003c/p\u003e\u003cp\u003eExisting users may implement mutual TLS to mitigate the risk on affected brokers.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-789\", \"description\": \"CWE-789 Memory Allocation with Excessive Size Value\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-05-07T08:59:00.249Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27533\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:45:36.972Z\", \"dateReserved\": \"2025-02-28T12:57:16.780Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-05-07T08:59:00.249Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

NCSC-2025-0334

Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:42 - Updated: 2025-11-21 16:03

Summary

Kwetsbaarheden verholpen in Oracle Fusion Middleware

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Fusion Middleware componenten.

Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot kritieke gegevens via HTTP, wat kan leiden tot een gedeeltelijke Denial-of-Service. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores van 7.5, wat wijst op aanzienlijke impact op de beschikbaarheid. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot ongeautoriseerde toegang tot specifieke gegevens, met een CVSS-score van 5.3, wat duidt op een gematigd niveau van vertrouwelijkheidsimpact. Het NCSC ontvangt berichten dat er media-aandacht is voor de kwetsbaarheid met kenmerk CVE-2025-61757. Betrouwbare partners nemen scanverkeer waar, waarin actief gezocht wordt naar mogelijke uitvoer van willekeurige code. De kwetsbaarheid bevindt zich in **Oracle Identity Manager** en betreft een issue waarbij authenticatie kan worden omzeild omdat bestanden eindigend op de extensie `.wadl` vrijgesteld zijn van authenticatie. Zomaar `.wadl` toevoegen als extensie bij een willekeurige URL zal geen effect hebben, omdat dan een niet-bestaand bestand wordt benaderd. Echter, onderzoekers hebben ontdekt dat het toevoegen van een `;` aan de extensie in theorie code-executie mogelijk kan maken. In logging kan worden gezocht naar `;.wadl` als extensie. Dit duidt in elk geval op scanverkeer. Nadere analyse van de logging moet uitwijzen of uitvoer van code heeft plaatsgevonden. Op dit moment is (nog) geen indicatie ontvangen dat uitvoer van willekeurige code daadwerkelijk ergens heeft plaatsgevonden. Het NCSC kan daarom (nog) geen IoC's delen om de eigen logging te analyseren. Het NCSC verwacht vanwege de media-aandacht en de publicatie van de onderzoekers echter wel op korte termijn een toename van scanverkeer en mogelijk werkende Proof-of-Concept-code (PoC) en adviseert de updates zo spoedig mogelijk in te zetten, indien dit (nog) niet is gebeurd.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-122: Heap-based Buffer Overflow

CWE-190: Integer Overflow or Wraparound

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-284: Improper Access Control

CWE-306: Missing Authentication for Critical Function

CWE-354: Improper Validation of Integrity Check Value

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-674: Uncontrolled Recursion

CWE-680: Integer Overflow to Buffer Overflow

CWE-732: Incorrect Permission Assignment for Critical Resource

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-789: Memory Allocation with Excessive Size Value

CWE-918: Server-Side Request Forgery (SSRF)

CWE-937: CWE-937

CWE-1035: CWE-1035

CVE-2020-15250

Multiple vulnerabilities have been identified across various software products, including JUnit4, Oracle WebLogic Server, and TensorFlow, allowing unauthorized access and information disclosure, with several updates addressing these issues.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2023-45853

Multiple vulnerabilities across Oracle, Siemens, IBM, zlib, and NetApp products pose severe risks, including remote code execution, denial of service, and data manipulation, with CVSS scores indicating high impact potential.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2024-41909

Multiple vulnerabilities in Oracle Retail Applications, Oracle Middleware, and Apache MINA SSHD could be exploited by remote attackers, affecting data integrity and security features with varying CVSS scores.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-354 - Improper Validation of Integrity Check Value

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2024-48014

Recent vulnerabilities in Oracle Fusion Middleware and Dell BSAFE Micro Edition Suite could allow unauthenticated attackers to cause denial of service, with CVSS scores indicating significant severity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-8916

Bouncy Castle for Java has a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and HPE Telco Service Activator also exhibit various security vulnerabilities, including denial of service and SQL injection risks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-27533

Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-789 - Memory Allocation with Excessive Size Value

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-27817

Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access and exploitation, including SSRF and arbitrary file reads, with CVSS scores of 7.5 for Oracle products.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-48734

Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-48795

Recent vulnerabilities in Oracle WebCenter Forms Recognition, Apache CXF, and HPE Telco Service Activator expose systems to data compromise, denial of service, and resource management issues, with varying severity levels.

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-48924

Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-48976

Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload could lead to denial of service (DoS) attacks, with specific versions identified as vulnerable.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-53816

Recent vulnerabilities have been identified in Oracle Outside In Technology versions 8.5.7 and 8.5.8, and in 7-Zip prior to version 25.0.0, both allowing denial of service attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-55163

Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-61752

A vulnerability in Oracle WebLogic Server versions 14.1.1.0.0 and 14.1.2.0.0 allows unauthenticated attackers to exploit HTTP/2 access, potentially leading to denial of service with a CVSS score of 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-306 - Missing Authentication for Critical Function

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-61757

A critical vulnerability in Oracle Fusion Middleware's Identity Manager (versions 12.2.1.4.0 and 14.1.2.1.0) allows unauthenticated HTTP attackers to potentially take over the system, with a CVSS score of 9.8.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 - Missing Authentication for Critical Function

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

CVE-2025-61764

A vulnerability in Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 allows unauthenticated attackers to access certain data via HTTP, with a CVSS 3.1 Base Score of 5.3 indicating confidentiality impacts.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 14 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Identity Manager (Application)		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Data Quality		vers:unknown/*
vers:unknown/* Oracle / Oracle Fusion Middleware MapViewer		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle JDeveloper		vers:unknown/*
vers:unknown/* Oracle / Oracle Middleware Common Libraries and Tools		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Forms Recognition		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Portal		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Outside In Technology		vers:unknown/*

References

17 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2025.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Fusion Middleware componenten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot kritieke gegevens via HTTP, wat kan leiden tot een gedeeltelijke Denial-of-Service. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores van 7.5, wat wijst op aanzienlijke impact op de beschikbaarheid. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot ongeautoriseerde toegang tot specifieke gegevens, met een CVSS-score van 5.3, wat duidt op een gematigd niveau van vertrouwelijkheidsimpact.\n\nHet NCSC ontvangt berichten dat er media-aandacht is voor de kwetsbaarheid met kenmerk CVE-2025-61757. Betrouwbare partners nemen scanverkeer waar, waarin actief gezocht wordt naar mogelijke uitvoer van willekeurige code.\nDe kwetsbaarheid bevindt zich in **Oracle Identity Manager** en betreft een issue waarbij authenticatie kan worden omzeild omdat bestanden eindigend op de extensie `.wadl` vrijgesteld zijn van authenticatie. Zomaar `.wadl` toevoegen als extensie bij een willekeurige URL zal geen effect hebben, omdat dan een niet-bestaand bestand wordt benaderd. Echter, onderzoekers hebben ontdekt dat het toevoegen van een `;` aan de extensie in theorie code-executie mogelijk kan maken.\n\nIn logging kan worden gezocht naar `;.wadl` als extensie. Dit duidt in elk geval op scanverkeer. Nadere analyse van de logging moet uitwijzen of uitvoer van code heeft plaatsgevonden. Op dit moment is (nog) geen indicatie ontvangen dat uitvoer van willekeurige code daadwerkelijk ergens heeft plaatsgevonden. Het NCSC kan daarom (nog) geen IoC\u0027s delen om de eigen logging te analyseren.\n\nHet NCSC verwacht vanwege de media-aandacht en de publicatie van de onderzoekers echter wel op korte termijn een toename van scanverkeer en mogelijk werkende Proof-of-Concept-code (PoC) en adviseert de updates zo spoedig mogelijk in te zetten, indien dit (nog) niet is gebeurd.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Missing Authentication for Critical Function",
        "title": "CWE-306"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Integer Overflow to Buffer Overflow",
        "title": "CWE-680"
      },
      {
        "category": "general",
        "text": "Incorrect Permission Assignment for Critical Resource",
        "title": "CWE-732"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
    "tracking": {
      "current_release_date": "2025-11-21T16:03:18.991100Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0334",
      "initial_release_date": "2025-10-23T13:42:11.992643Z",
      "revision_history": [
        {
          "date": "2025-10-23T13:42:11.992643Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        },
        {
          "date": "2025-11-21T16:03:18.991100Z",
          "number": "1.0.1",
          "summary": "Er is media-aandacht voor de kwetsbaarheid met kenmerk CVE-2025-61757. Verhoging in scanverkeer en potentieel misbruik wordt verwacht."
        }
      ],
      "status": "final",
      "version": "1.0.1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Identity Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Identity Manager (Application)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Coherence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Data Quality"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Fusion Middleware MapViewer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Global Lifecycle Management NextGen OUI Framework"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle JDeveloper"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Middleware Common Libraries and Tools"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle SOA Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Security Service"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebCenter Forms Recognition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebCenter Portal"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebLogic Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Outside In Technology"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15250",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Incorrect Permission Assignment for Critical Resource",
          "title": "CWE-732"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified across various software products, including JUnit4, Oracle WebLogic Server, and TensorFlow, allowing unauthorized access and information disclosure, with several updates addressing these issues.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-15250 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-15250.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2020-15250"
    },
    {
      "cve": "CVE-2023-45853",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle, Siemens, IBM, zlib, and NetApp products pose severe risks, including remote code execution, denial of service, and data manipulation, with CVSS scores indicating high impact potential.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45853 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-45853.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2024-41909",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle Retail Applications, Oracle Middleware, and Apache MINA SSHD could be exploited by remote attackers, affecting data integrity and security features with varying CVSS scores.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-41909 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-41909.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2024-41909"
    },
    {
      "cve": "CVE-2024-48014",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Fusion Middleware and Dell BSAFE Micro Edition Suite could allow unauthenticated attackers to cause denial of service, with CVSS scores indicating significant severity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-48014 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-48014.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2024-48014"
    },
    {
      "cve": "CVE-2025-8916",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Bouncy Castle for Java has a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and HPE Telco Service Activator also exhibit various security vulnerabilities, including denial of service and SQL injection risks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8916 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-8916"
    },
    {
      "cve": "CVE-2025-27533",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-27817",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access and exploitation, including SSRF and arbitrary file reads, with CVSS scores of 7.5 for Oracle products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27817 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48734 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48795",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle WebCenter Forms Recognition, Apache CXF, and HPE Telco Service Activator expose systems to data compromise, denial of service, and resource management issues, with varying severity levels.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48795 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-48795"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload could lead to denial of service (DoS) attacks, with specific versions identified as vulnerable.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-53816",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities have been identified in Oracle Outside In Technology versions 8.5.7 and 8.5.8, and in 7-Zip prior to version 25.0.0, both allowing denial of service attacks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53816 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53816.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-53816"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-61752",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle WebLogic Server versions 14.1.1.0.0 and 14.1.2.0.0 allows unauthenticated attackers to exploit HTTP/2 access, potentially leading to denial of service with a CVSS score of 7.5.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61752 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61752.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-61752"
    },
    {
      "cve": "CVE-2025-61757",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "description",
          "text": "A critical vulnerability in Oracle Fusion Middleware\u0027s Identity Manager (versions 12.2.1.4.0 and 14.1.2.1.0) allows unauthenticated HTTP attackers to potentially take over the system, with a CVSS score of 9.8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61757 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61757.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-61757"
    },
    {
      "cve": "CVE-2025-61764",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 allows unauthenticated attackers to access certain data via HTTP, with a CVSS 3.1 Base Score of 5.3 indicating confidentiality impacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61764 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61764.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14"
          ]
        }
      ],
      "title": "CVE-2025-61764"
    }
  ]
}

NCSC-2026-0022

Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:25 - Updated: 2026-01-21 09:25

Summary

Kwetsbaarheden verholpen in Oracle Communications producten

Notes

Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.

Interpretaties: De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-863: Incorrect Authorization

CWE-937: CWE-937

CWE-1035: CWE-1035

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-20: Improper Input Validation

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116: Improper Encoding or Escaping of Output

CWE-121: Stack-based Buffer Overflow

CWE-122: Heap-based Buffer Overflow

CWE-123: Write-what-where Condition

CWE-125: Out-of-bounds Read

CWE-126: Buffer Over-read

CWE-201: Insertion of Sensitive Information Into Sent Data

CWE-209: Generation of Error Message Containing Sensitive Information

CWE-252: Unchecked Return Value

CWE-284: Improper Access Control

CWE-285: Improper Authorization

CWE-295: Improper Certificate Validation

CWE-297: Improper Validation of Certificate with Host Mismatch

CWE-393: Return of Wrong Status Code

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-407: Inefficient Algorithmic Complexity

CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)

CWE-415: Double Free

CWE-416: Use After Free

CWE-611: Improper Restriction of XML External Entity Reference

CWE-674: Uncontrolled Recursion

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-789: Memory Allocation with Excessive Size Value

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2024-12133

Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-407 - Inefficient Algorithmic Complexity

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2024-46901

Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-116 - Improper Encoding or Escaping of Output

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-5115

Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-5318

Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-5987

Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-393 - Return of Wrong Status Code

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-8194

Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-8916

Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-9900

Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-123 - Write-what-where Condition

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-25193

Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-26333

Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-27533

Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-789 - Memory Allocation with Excessive Size Value

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-32988

Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-415 - Double Free

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-32990

Recent vulnerabilities in Oracle Communications products and GnuTLS's certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-41249

Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-46727

Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-48060

Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-48734

Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-48924

Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-48976

Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-49844

Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-54571

Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-252 - Unchecked Return Value

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-55163

Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-58057

Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-58098

Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-59375

Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-61795

Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-64718

Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-65018

Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-66418

The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-66516

Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-68161

Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle's Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-297 - Improper Validation of Certificate with Host Mismatch

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

References

32 references

URL	Category
https://www.oracle.com/security-alerts/cpujan2026.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Encoding or Escaping of Output",
        "title": "CWE-116"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Write-what-where Condition",
        "title": "CWE-123"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Buffer Over-read",
        "title": "CWE-126"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information Into Sent Data",
        "title": "CWE-201"
      },
      {
        "category": "general",
        "text": "Generation of Error Message Containing Sensitive Information",
        "title": "CWE-209"
      },
      {
        "category": "general",
        "text": "Unchecked Return Value",
        "title": "CWE-252"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Improper Validation of Certificate with Host Mismatch",
        "title": "CWE-297"
      },
      {
        "category": "general",
        "text": "Return of Wrong Status Code",
        "title": "CWE-393"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Inefficient Algorithmic Complexity",
        "title": "CWE-407"
      },
      {
        "category": "general",
        "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
        "title": "CWE-409"
      },
      {
        "category": "general",
        "text": "Double Free",
        "title": "CWE-415"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Communications producten",
    "tracking": {
      "current_release_date": "2026-01-21T09:25:39.876330Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0022",
      "initial_release_date": "2026-01-21T09:25:39.876330Z",
      "revision_history": [
        {
          "date": "2026-01-21T09:25:39.876330Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Communications"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Cloud Native Session Border Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications ASAP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications BRM - Elastic Charging Engine"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Billing and Revenue Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Element Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications IP Service Activator"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Analytics Data Director"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Integrity"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Operations Monitor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Order and Service Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Policy Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Pricing Design Center"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Session Border Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Session Report Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Unified Assurance"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Unified Inventory Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Communications Broker"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12133",
      "cwe": {
        "id": "CWE-407",
        "name": "Inefficient Algorithmic Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Algorithmic Complexity",
          "title": "CWE-407"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-12133 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2024-12133"
    },
    {
      "cve": "CVE-2024-46901",
      "cwe": {
        "id": "CWE-116",
        "name": "Improper Encoding or Escaping of Output"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46901 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-46901.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2024-46901"
    },
    {
      "cve": "CVE-2025-5115",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-5318",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5318 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-5318"
    },
    {
      "cve": "CVE-2025-5987",
      "cwe": {
        "id": "CWE-393",
        "name": "Return of Wrong Status Code"
      },
      "notes": [
        {
          "category": "other",
          "text": "Return of Wrong Status Code",
          "title": "CWE-393"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5987 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5987.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-5987"
    },
    {
      "cve": "CVE-2025-8194",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        },
        {
          "category": "description",
          "text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8194 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-8194"
    },
    {
      "cve": "CVE-2025-8916",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8916 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-8916"
    },
    {
      "cve": "CVE-2025-9900",
      "cwe": {
        "id": "CWE-123",
        "name": "Write-what-where Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Write-what-where Condition",
          "title": "CWE-123"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9900 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9900.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-9900"
    },
    {
      "cve": "CVE-2025-25193",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-25193 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25193.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-25193"
    },
    {
      "cve": "CVE-2025-26333",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Generation of Error Message Containing Sensitive Information",
          "title": "CWE-209"
        },
        {
          "category": "description",
          "text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-26333 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-26333"
    },
    {
      "cve": "CVE-2025-27533",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-32988",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32988 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32988.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-32988"
    },
    {
      "cve": "CVE-2025-32990",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications products and GnuTLS\u0027s certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32990 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-32990"
    },
    {
      "cve": "CVE-2025-41249",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41249 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-46727",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46727 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46727.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-46727"
    },
    {
      "cve": "CVE-2025-48060",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Buffer Over-read",
          "title": "CWE-126"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48060 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48060.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-48060"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48734 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-49844",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-49844 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49844.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-49844"
    },
    {
      "cve": "CVE-2025-54571",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Return Value",
          "title": "CWE-252"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-54571 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-54571"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-58057",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
          "title": "CWE-409"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58057 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-58057"
    },
    {
      "cve": "CVE-2025-58098",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information Into Sent Data",
          "title": "CWE-201"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58098 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58098.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-58098"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2025-61795",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61795 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-61795"
    },
    {
      "cve": "CVE-2025-64718",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        },
        {
          "category": "description",
          "text": "Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64718 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-64718"
    },
    {
      "cve": "CVE-2025-65018",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-65018 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-65018"
    },
    {
      "cve": "CVE-2025-66418",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66418 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-66418"
    },
    {
      "cve": "CVE-2025-66516",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66516 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-66516"
    },
    {
      "cve": "CVE-2025-68161",
      "cwe": {
        "id": "CWE-297",
        "name": "Improper Validation of Certificate with Host Mismatch"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Certificate with Host Mismatch",
          "title": "CWE-297"
        },
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-68161 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-68161"
    }
  ]
}

RHSA-2025:17567

Vulnerability from csaf_redhat - Published: 2025-10-08 14:48 - Updated: 2026-04-30 13:32

Summary

Red Hat Security Advisory: Red Hat AMQ Broker 7.13.2 release and security update

Severity

Important

Notes

Topic: Red Hat AMQ Broker 7.13.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * (CVE-2025-5115) jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames * (CVE-2025-5115) jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames * (CVE-2025-5115) jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames * (CVE-2025-27533) activemq-openwire-legacy: ActiveMQ: Unvalidated Buffer Size Allocation * (CVE-2025-58056) netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions * (CVE-2025-58056) netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-5115

A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7.13.2 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.13`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-27533

A flaw was found in Apache ActiveMQ. This vulnerability allows denial of service by depleting process memory via unmarshalling OpenWire commands without proper size validation when not using mutual TLS connections.

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE-789 - Memory Allocation with Excessive Size Value

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7.13.2 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.13`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-58056

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Broker 7.13.2 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_broker:7.13`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

41 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:17567	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2364684	external
https://bugzilla.redhat.com/show_bug.cgi?id=2373310	external
https://bugzilla.redhat.com/show_bug.cgi?id=2392996	external
https://issues.redhat.com/browse/ENTMQBR-10093	external
https://issues.redhat.com/browse/ENTMQBR-10099	external
https://issues.redhat.com/browse/ENTMQBR-9917	external
https://issues.redhat.com/browse/ENTMQBR-9921	external
https://issues.redhat.com/browse/ENTMQBR-9932	external
https://issues.redhat.com/browse/ENTMQBR-9933	external
https://issues.redhat.com/browse/ENTMQBR-9934	external
https://issues.redhat.com/browse/ENTMQBR-9936	external
https://issues.redhat.com/browse/ENTMQBR-9947	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-5115	self
https://bugzilla.redhat.com/show_bug.cgi?id=2373310	external
https://www.cve.org/CVERecord?id=CVE-2025-5115	external
https://nvd.nist.gov/vuln/detail/CVE-2025-5115	external
https://github.com/jetty/jetty.project/security/a…	external
https://kb.cert.org/vuls/id/767506	external
https://access.redhat.com/security/cve/CVE-2025-27533	self
https://bugzilla.redhat.com/show_bug.cgi?id=2364684	external
https://www.cve.org/CVERecord?id=CVE-2025-27533	external
https://nvd.nist.gov/vuln/detail/CVE-2025-27533	external
http://www.openwall.com/lists/oss-security/2025/05/06/1	external
https://lists.apache.org/thread/8hcm25vf7mchg4zbb…	external
https://access.redhat.com/security/cve/CVE-2025-58056	self
https://bugzilla.redhat.com/show_bug.cgi?id=2392996	external
https://www.cve.org/CVERecord?id=CVE-2025-58056	external
https://nvd.nist.gov/vuln/detail/CVE-2025-58056	external
https://datatracker.ietf.org/doc/html/rfc9112#nam…	external
https://github.com/JLLeitschuh/unCVEed/issues/1	external
https://github.com/netty/netty/commit/edb55fd8e0a…	external
https://github.com/netty/netty/issues/15522	external
https://github.com/netty/netty/pull/15611	external
https://github.com/netty/netty/security/advisorie…	external
https://w4ke.info/2025/06/18/funky-chunks.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AMQ Broker 7.13.2 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2025-5115) jetty-http2-server: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-5115) jetty-http2-hpack: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-5115) jetty-http2-common: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames\n* (CVE-2025-27533) activemq-openwire-legacy: ActiveMQ: Unvalidated Buffer Size Allocation\n* (CVE-2025-58056) netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\n* (CVE-2025-58056) netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:17567",
        "url": "https://access.redhat.com/errata/RHSA-2025:17567"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification#important",
        "url": "https://access.redhat.com/security/updates/classification#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.2",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.2"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13",
        "url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13"
      },
      {
        "category": "external",
        "summary": "2364684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364684"
      },
      {
        "category": "external",
        "summary": "2373310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
      },
      {
        "category": "external",
        "summary": "2392996",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-10093",
        "url": "https://issues.redhat.com/browse/ENTMQBR-10093"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-10099",
        "url": "https://issues.redhat.com/browse/ENTMQBR-10099"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-9917",
        "url": "https://issues.redhat.com/browse/ENTMQBR-9917"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-9921",
        "url": "https://issues.redhat.com/browse/ENTMQBR-9921"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-9932",
        "url": "https://issues.redhat.com/browse/ENTMQBR-9932"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-9933",
        "url": "https://issues.redhat.com/browse/ENTMQBR-9933"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-9934",
        "url": "https://issues.redhat.com/browse/ENTMQBR-9934"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-9936",
        "url": "https://issues.redhat.com/browse/ENTMQBR-9936"
      },
      {
        "category": "external",
        "summary": "ENTMQBR-9947",
        "url": "https://issues.redhat.com/browse/ENTMQBR-9947"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17567.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.13.2 release and security update",
    "tracking": {
      "current_release_date": "2026-04-30T13:32:52+00:00",
      "generator": {
        "date": "2026-04-30T13:32:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2025:17567",
      "initial_release_date": "2025-10-08T14:48:34+00:00",
      "revision_history": [
        {
          "date": "2025-10-08T14:48:34+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-10-08T14:48:34+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T13:32:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AMQ Broker 7.13.2",
                "product": {
                  "name": "Red Hat AMQ Broker 7.13.2",
                  "product_id": "Red Hat AMQ Broker 7.13.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:amq_broker:7.13"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss AMQ"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5115",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-06-18T08:43:44.656000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2373310"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7.13.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-5115"
        },
        {
          "category": "external",
          "summary": "RHBZ#2373310",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373310"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-5115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5115"
        },
        {
          "category": "external",
          "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h",
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/767506",
          "url": "https://kb.cert.org/vuls/id/767506"
        }
      ],
      "release_date": "2025-08-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-08T14:48:34+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7.13.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:17567"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat AMQ Broker 7.13.2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7.13.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames"
    },
    {
      "cve": "CVE-2025-27533",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "discovery_date": "2025-05-07T10:00:42.526701+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2364684"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache ActiveMQ. This vulnerability allows denial of service by depleting process memory via unmarshalling OpenWire commands without proper size validation when not using mutual TLS connections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ActiveMQ: ActiveMQ: Unvalidated Buffer Size Allocation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7.13.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-27533"
        },
        {
          "category": "external",
          "summary": "RHBZ#2364684",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364684"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-27533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27533",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27533"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2025/05/06/1",
          "url": "http://www.openwall.com/lists/oss-security/2025/05/06/1"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg",
          "url": "https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg"
        }
      ],
      "release_date": "2025-05-07T08:59:00.249000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-08T14:48:34+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7.13.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:17567"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7.13.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ActiveMQ: ActiveMQ: Unvalidated Buffer Size Allocation"
    },
    {
      "cve": "CVE-2025-58056",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2025-09-03T21:01:22.935850+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392996"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Broker 7.13.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58056"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392996",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
        },
        {
          "category": "external",
          "summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
          "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
        },
        {
          "category": "external",
          "summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
          "url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
          "url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/issues/15522",
          "url": "https://github.com/netty/netty/issues/15522"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/pull/15611",
          "url": "https://github.com/netty/netty/pull/15611"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
        },
        {
          "category": "external",
          "summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
          "url": "https://w4ke.info/2025/06/18/funky-chunks.html"
        }
      ],
      "release_date": "2025-09-03T20:56:50.732000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-08T14:48:34+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Broker 7.13.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:17567"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
          "product_ids": [
            "Red Hat AMQ Broker 7.13.2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Broker 7.13.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
    }
  ]
}

WID-SEC-W-2025-0954

Vulnerability from csaf_certbund - Published: 2025-05-06 22:00 - Updated: 2025-12-10 23:00

Summary

Apache ActiveMQ: Schwachstelle ermöglicht Denial of Service

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache ActiveMQ ist ein Open Source Message Broker, der den Transport von Nachrichten zwischen verschiedenen Programmen bewerkstelligt.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache ActiveMQ ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2025-27533

Affected products

Known affected 10 products

Product	Identifier	Version
Apache ActiveMQ <6.1.6 Apache / ActiveMQ		<6.1.6
IBM Tivoli Business Service Manager IBM	`cpe:/a:ibm:tivoli_business_service_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SAS Institute Base SAS <9.4M9 (TS1M9) SAS Institute / Base SAS		<9.4M9 (TS1M9)
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Apache ActiveMQ <5.18.7 Apache / ActiveMQ		<5.18.7
Apache ActiveMQ <5.17.7 Apache / ActiveMQ		<5.17.7
Apache ActiveMQ <5.16.8 Apache / ActiveMQ		<5.16.8
Apache ActiveMQ <5.19.0 Apache / ActiveMQ		<5.19.0

References

9 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://seclists.org/oss-sec/2025/q2/105	external
https://github.com/absholi7ly/CVE-2025-27533-Expl…	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://security.netapp.com/advisory/NTAP-20250704-0007	external
https://support.sas.com/en/security-bulletins/sas…	external
https://access.redhat.com/errata/RHSA-2025:17567	external
https://www.ibm.com/support/pages/node/7254321	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache ActiveMQ ist ein Open Source Message Broker, der den Transport von Nachrichten zwischen verschiedenen Programmen bewerkstelligt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache ActiveMQ ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0954 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0954.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0954 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0954"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-05-06",
        "url": "https://seclists.org/oss-sec/2025/q2/105"
      },
      {
        "category": "external",
        "summary": "Exploit auf GitHub vom 2025-05-11",
        "url": "https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4222 vom 2025-06-19",
        "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00020.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20250704-0007 vom 2025-07-04",
        "url": "https://security.netapp.com/advisory/NTAP-20250704-0007"
      },
      {
        "category": "external",
        "summary": "SAS Security Update vom 2025-10-02",
        "url": "https://support.sas.com/en/security-bulletins/sas-security-update-for-sas-94m9-ts1m9.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:17567 vom 2025-10-08",
        "url": "https://access.redhat.com/errata/RHSA-2025:17567"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7254321 vom 2025-12-10",
        "url": "https://www.ibm.com/support/pages/node/7254321"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache ActiveMQ: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2025-12-10T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-11T10:26:50.995+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-0954",
      "initial_release_date": "2025-05-06T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-06T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-11T22:00:00.000+00:00",
          "number": "2",
          "summary": "Exploit aufgenommen"
        },
        {
          "date": "2025-06-19T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-07-06T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2025-10-05T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-10-08T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-12-10T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.1.6",
                "product": {
                  "name": "Apache ActiveMQ \u003c6.1.6",
                  "product_id": "T043389"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.6",
                "product": {
                  "name": "Apache ActiveMQ 6.1.6",
                  "product_id": "T043389-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:activemq:6.1.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.18.7",
                "product": {
                  "name": "Apache ActiveMQ \u003c5.18.7",
                  "product_id": "T043390"
                }
              },
              {
                "category": "product_version",
                "name": "5.18.7",
                "product": {
                  "name": "Apache ActiveMQ 5.18.7",
                  "product_id": "T043390-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:activemq:5.18.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.17.7",
                "product": {
                  "name": "Apache ActiveMQ \u003c5.17.7",
                  "product_id": "T043391"
                }
              },
              {
                "category": "product_version",
                "name": "5.17.7",
                "product": {
                  "name": "Apache ActiveMQ 5.17.7",
                  "product_id": "T043391-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:activemq:5.17.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.16.8",
                "product": {
                  "name": "Apache ActiveMQ \u003c5.16.8",
                  "product_id": "T043392"
                }
              },
              {
                "category": "product_version",
                "name": "5.16.8",
                "product": {
                  "name": "Apache ActiveMQ 5.16.8",
                  "product_id": "T043392-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:activemq:5.16.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.19.0",
                "product": {
                  "name": "Apache ActiveMQ \u003c5.19.0",
                  "product_id": "T043393"
                }
              },
              {
                "category": "product_version",
                "name": "5.19.0",
                "product": {
                  "name": "Apache ActiveMQ 5.19.0",
                  "product_id": "T043393-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:activemq:5.19.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ActiveMQ"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Tivoli Business Service Manager",
            "product": {
              "name": "IBM Tivoli Business Service Manager",
              "product_id": "5175",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_business_service_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp ActiveIQ Unified Manager",
            "product": {
              "name": "NetApp ActiveIQ Unified Manager",
              "product_id": "T040945",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.4M9 (TS1M9)",
                "product": {
                  "name": "SAS Institute Base SAS \u003c9.4M9 (TS1M9)",
                  "product_id": "T047382"
                }
              },
              {
                "category": "product_version",
                "name": "9.4M9 (TS1M9)",
                "product": {
                  "name": "SAS Institute Base SAS 9.4M9 (TS1M9)",
                  "product_id": "T047382-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:sas:base_sas:9.4m9_%28ts1m9%29"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Base SAS"
          }
        ],
        "category": "vendor",
        "name": "SAS Institute"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-27533",
      "product_status": {
        "known_affected": [
          "T043389",
          "5175",
          "2951",
          "T047382",
          "67646",
          "T040945",
          "T043390",
          "T043391",
          "T043392",
          "T043393"
        ]
      },
      "release_date": "2025-05-06T22:00:00.000+00:00",
      "title": "CVE-2025-27533"
    }
  ]
}

WID-SEC-W-2025-1555

Vulnerability from csaf_certbund - Published: 2025-07-15 22:00 - Updated: 2025-07-15 22:00

Summary

Oracle Financial Services Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2024-38356

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2024-56128

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2024-57699

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2024-7254

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2024-8176

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2025-23184

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2025-24970

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2025-27533

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2025-27636

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2025-27817

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2025-48734

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

CVE-2025-53031

Affected products

Known affected 10 products

Product	Identifier	Version
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 8.1.2.7 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7`	8.1.2.7
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 8.0.8.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.5`	8.0.8.5
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4

Last affected 1 product

Product	Identifier	Version	Remediation
Oracle Financial Services Applications <=14.7.0.0.0 Oracle / Financial Services Applications		<=14.7.0.0.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujul2025…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Financial Services ist eine Zusammenstellung  von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1555 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1555.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1555 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1555"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle Financial Services Applications vom 2025-07-15",
        "url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixIFLX"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-07-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-16T08:26:52.542+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1555",
      "initial_release_date": "2025-07-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.0.8",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8",
                  "product_id": "T021677",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.8.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.1",
                  "product_id": "T022844",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=14.7.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications \u003c=14.7.0.0.0",
                  "product_id": "T028702"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=14.7.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications \u003c=14.7.0.0.0",
                  "product_id": "T028702-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "8.1.2.5",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.5",
                  "product_id": "T028706",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.2.7",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.7",
                  "product_id": "T036217",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.2.8",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.8",
                  "product_id": "T038392",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.7.8",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.7.8",
                  "product_id": "T040464",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.8.6",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.6",
                  "product_id": "T040465",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.1.4",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1.4",
                  "product_id": "T042809",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.2.9",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.9",
                  "product_id": "T042811",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.8.5",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.5",
                  "product_id": "T045382",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Financial Services Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-38356",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-38356"
    },
    {
      "cve": "CVE-2024-56128",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-56128"
    },
    {
      "cve": "CVE-2024-57699",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2024-7254",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-8176",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-8176"
    },
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-23184"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-27533",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-27636",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-27636"
    },
    {
      "cve": "CVE-2025-27817",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-48734",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-53031",
      "product_status": {
        "known_affected": [
          "T021677",
          "T022844",
          "T028706",
          "T036217",
          "T042811",
          "T038392",
          "T045382",
          "T040465",
          "T040464",
          "T042809"
        ],
        "last_affected": [
          "T028702"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-53031"
    }
  ]
}

WID-SEC-W-2025-1560

Vulnerability from csaf_certbund - Published: 2025-07-15 22:00 - Updated: 2025-07-15 22:00

Summary

Oracle Communications Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2024-31141

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-34517

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-47554

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-56128

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-56406

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-57699

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-7264

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-8176

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-9143

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2024-9287

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-1974

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-24814

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-24928

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-24970

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-26791

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-27363

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-27533

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-48734

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

CVE-2025-48988

Affected products

Known affected 13 products

Product	Identifier	Version
Oracle Communications Applications 15.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0`	15.0.0.0
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 6.0.5 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.0.5`	6.0.5
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 6.3.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.3.1`	6.3.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0`	15.1.0.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0

Last affected 6 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=6.1.0 Oracle / Communications Applications		<=6.1.0
Oracle Communications Applications <=12.0.0.8 Oracle / Communications Applications		<=12.0.0.8
Oracle Communications Applications <=15.0.1.0 Oracle / Communications Applications		<=15.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0
Oracle Communications Applications <=7.4.2 Oracle / Communications Applications		<=7.4.2
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujul2025…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1560 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1560.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1560 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1560"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle Communications Applications vom 2025-07-15",
        "url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixCAGBU"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-07-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-16T08:26:54.533+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1560",
      "initial_release_date": "2025-07-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.3.1",
                "product": {
                  "name": "Oracle Communications Applications 6.3.1",
                  "product_id": "T018935",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.4.0",
                "product": {
                  "name": "Oracle Communications Applications 7.4.0",
                  "product_id": "T018938",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.4.1",
                "product": {
                  "name": "Oracle Communications Applications 7.4.1",
                  "product_id": "T018939",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.6",
                "product": {
                  "name": "Oracle Communications Applications 7.3.6",
                  "product_id": "T021635",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.3.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.0.6.0.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=12.0.6.0.0",
                  "product_id": "T027325"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.0.6.0.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=12.0.6.0.0",
                  "product_id": "T027325-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.8.0",
                "product": {
                  "name": "Oracle Communications Applications 8.0.0.8.0",
                  "product_id": "T028673",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.0.0.8.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.0.0.8",
                "product": {
                  "name": "Oracle Communications Applications \u003c=12.0.0.8",
                  "product_id": "T034251"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.0.0.8",
                "product": {
                  "name": "Oracle Communications Applications \u003c=12.0.0.8",
                  "product_id": "T034251-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "15.0.0.0",
                "product": {
                  "name": "Oracle Communications Applications 15.0.0.0",
                  "product_id": "T034252",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:15.0.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.4.2",
                "product": {
                  "name": "Oracle Communications Applications \u003c=7.4.2",
                  "product_id": "T034254"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.4.2",
                "product": {
                  "name": "Oracle Communications Applications \u003c=7.4.2",
                  "product_id": "T034254-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0",
                "product": {
                  "name": "Oracle Communications Applications 7.5.0",
                  "product_id": "T034255",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.5.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.5.1",
                "product": {
                  "name": "Oracle Communications Applications 7.5.1",
                  "product_id": "T034256",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.5.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.0.5",
                "product": {
                  "name": "Oracle Communications Applications 6.0.5",
                  "product_id": "T038372",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.0.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=15.0.1.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=15.0.1.0",
                  "product_id": "T040434"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=15.0.1.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=15.0.1.0",
                  "product_id": "T040434-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "3.0.3.3.0",
                "product": {
                  "name": "Oracle Communications Applications 3.0.3.3.0",
                  "product_id": "T040440",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:3.0.3.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.1.0.0",
                "product": {
                  "name": "Oracle Communications Applications 15.1.0.0",
                  "product_id": "T045364",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:15.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.0.3.4.0",
                "product": {
                  "name": "Oracle Communications Applications 3.0.3.4.0",
                  "product_id": "T045365",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:3.0.3.4.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.8.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=7.8.0",
                  "product_id": "T045366"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.8.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=7.8.0",
                  "product_id": "T045366-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=6.1.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=6.1.0",
                  "product_id": "T045368"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=6.1.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=6.1.0",
                  "product_id": "T045368-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.9.0",
                "product": {
                  "name": "Oracle Communications Applications 8.0.0.9.0",
                  "product_id": "T045369",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.0.0.9.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-31141",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-31141"
    },
    {
      "cve": "CVE-2024-34517",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-34517"
    },
    {
      "cve": "CVE-2024-47554",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-56128",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-56128"
    },
    {
      "cve": "CVE-2024-56406",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-56406"
    },
    {
      "cve": "CVE-2024-57699",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2024-7264",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-7264"
    },
    {
      "cve": "CVE-2024-8176",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-8176"
    },
    {
      "cve": "CVE-2024-9143",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-9143"
    },
    {
      "cve": "CVE-2024-9287",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2024-9287"
    },
    {
      "cve": "CVE-2025-1974",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-1974"
    },
    {
      "cve": "CVE-2025-24814",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-24814"
    },
    {
      "cve": "CVE-2025-24928",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-24928"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-26791",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-26791"
    },
    {
      "cve": "CVE-2025-27363",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-27363"
    },
    {
      "cve": "CVE-2025-27533",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-48734",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48988",
      "product_status": {
        "known_affected": [
          "T034252",
          "T034256",
          "T034255",
          "T045369",
          "T038372",
          "T021635",
          "T018935",
          "T018938",
          "T018939",
          "T045365",
          "T045364",
          "T028673",
          "T040440"
        ],
        "last_affected": [
          "T045368",
          "T034251",
          "T040434",
          "T027325",
          "T034254",
          "T045366"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-48988"
    }
  ]
}

WID-SEC-W-2025-2359

Vulnerability from csaf_certbund - Published: 2025-10-21 22:00 - Updated: 2025-11-23 23:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Kritisch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - Sonstiges - Windows

CVE-2020-15250

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-45853

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-41909

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-48014

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-27533

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-27817

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-48734

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-48795

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-48924

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-48976

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-53816

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-55163

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-61752

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-61757

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-61764

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-8916

Affected products

Known affected 6 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.1.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.1.0`	14.1.2.1.0
Oracle Fusion Middleware 8.5.8 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.8`	8.5.8
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuoct2025…	external
https://www.cisa.gov/news-events/alerts/2025/11/2…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2359 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2359.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2359 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2359"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2025 - Appendix Oracle Fusion Middleware vom 2025-10-21",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "CISA KEV Catalog vom 2025-11-21",
        "url": "https://www.cisa.gov/news-events/alerts/2025/11/21/cisa-adds-one-known-exploited-vulnerability-catalog"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-23T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-24T09:07:12.258+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2359",
      "initial_release_date": "2025-10-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-35246, EUVD-2025-35257, EUVD-2025-35253"
        },
        {
          "date": "2025-11-23T23:00:00.000+00:00",
          "number": "3",
          "summary": "Exploit aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5.7",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.7",
                  "product_id": "T034057",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.2.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.2.0.0",
                  "product_id": "T040467",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.2.1.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.2.1.0",
                  "product_id": "T047913",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5.8",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.8",
                  "product_id": "T047914",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15250",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2020-15250"
    },
    {
      "cve": "CVE-2023-45853",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2024-41909",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-41909"
    },
    {
      "cve": "CVE-2024-48014",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-48014"
    },
    {
      "cve": "CVE-2025-27533",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-27817",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-48734",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48795",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48795"
    },
    {
      "cve": "CVE-2025-48924",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-53816",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-53816"
    },
    {
      "cve": "CVE-2025-55163",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-61752",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-61752"
    },
    {
      "cve": "CVE-2025-61757",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-61757"
    },
    {
      "cve": "CVE-2025-61764",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-61764"
    },
    {
      "cve": "CVE-2025-8916",
      "product_status": {
        "known_affected": [
          "T047913",
          "T047914",
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-8916"
    }
  ]
}

WID-SEC-W-2025-2360

Vulnerability from csaf_certbund - Published: 2025-10-21 22:00 - Updated: 2025-11-17 23:00

Summary

Oracle Communications Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.

Betroffene Betriebssysteme: - Linux - Sonstiges - Windows

CVE-2024-12133

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2024-28182

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2024-35164

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2024-37371

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2024-50609

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2024-51504

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2024-57699

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2024-7254

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2024-8006

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-27210

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-27533

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-27553

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-27817

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-32415

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-32990

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-4517

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-48734

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-48924

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-48976

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-48989

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-49796

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-5115

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-52999

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-5318

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-53864

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-5399

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-54090

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-55163

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-5889

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-59375

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-6965

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-7339

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-8058

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

CVE-2025-9086

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications Applications 7.4.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.1`	7.4.1
Xerox FreeFlow Print Server v7 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v7`	v7
Oracle Communications Applications 7.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.7.0`	7.7.0
Oracle Communications Applications 8.0.0.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.8.0`	8.0.0.8.0
Oracle Communications Applications 8.1.0.28 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.28`	8.1.0.28
Oracle Communications Applications 8.0.0.7.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.7.0`	8.0.0.7.0
Oracle Communications Applications 7.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.0`	7.5.0
Oracle Communications Applications 7.8.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.8.0`	7.8.0
Oracle Communications Applications 8.0.0.9.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.9.0`	8.0.0.9.0
Oracle Communications Applications 2.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.0.0`	2.0.0.0.0
Oracle Communications Applications 2.0.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:2.0.0.1.0`	2.0.0.1.0
Oracle Communications Applications 15.0.1.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications Applications 6.1.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:6.1.1`	6.1.1
Oracle Communications Applications 7.5.1 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.5.1`	7.5.1
Oracle Communications Applications 7.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.4.0`	7.4.0
Oracle Communications Applications 15.1.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications Applications 3.0.3.3.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.3.0`	3.0.3.3.0
Oracle Communications Applications 8.0.0.5.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.0.0.5.0`	8.0.0.5.0
Oracle Communications Applications 3.0.3.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:3.0.3.4.0`	3.0.3.4.0
Oracle Communications Applications 15.0.0.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications Applications 8.1.0.4.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.1.0.4.0`	8.1.0.4.0
Oracle Communications Applications 12.0.6.0.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:12.0.6.0.0`	12.0.6.0.0
Oracle Communications Applications 7.3.6 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:7.3.6`	7.3.6
Oracle Communications Applications 8.2.0.1.0 Oracle / Communications Applications	`cpe:/a:oracle:communications_applications:8.2.0.1.0`	8.2.0.1.0

Last affected 7 products

Product	Identifier	Version	Remediation
Oracle Communications Applications <=7.8.0 Oracle / Communications Applications		<=7.8.0
Oracle Communications Applications <=6.1.1 Oracle / Communications Applications		<=6.1.1
Oracle Communications Applications <=12.0.0.8.0 Oracle / Communications Applications		<=12.0.0.8.0
Oracle Communications Applications <=7.5.1 Oracle / Communications Applications		<=7.5.1
Oracle Communications Applications <=15.0.1.0.0 Oracle / Communications Applications		<=15.0.1.0.0
Oracle Communications Applications <=2.0.0.1.0 Oracle / Communications Applications		<=2.0.0.1.0
Oracle Communications Applications <=12.0.6.0.0 Oracle / Communications Applications		<=12.0.6.0.0

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuoct2025…	external
https://security.business.xerox.com/wp-content/up…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2360 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2360.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2360 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2360"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2025 - Appendix Oracle Communications Applications vom 2025-10-21",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixCAGBU"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX25-018 vom 2025-11-18",
        "url": "https://security.business.xerox.com/wp-content/uploads/2025/11/Xerox-Security-Bulletin-XRX25-018-Xerox-FreeFlow-Print-Server-v7.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-17T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-18T08:13:07.419+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2360",
      "initial_release_date": "2025-10-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-17T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von XEROX aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=2.0.0.1.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=2.0.0.1.0",
                  "product_id": "T047971"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=2.0.0.1.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=2.0.0.1.0",
                  "product_id": "T047971-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.0.6.0.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=12.0.6.0.0",
                  "product_id": "T047972"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.0.6.0.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=12.0.6.0.0",
                  "product_id": "T047972-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=15.0.1.0.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=15.0.1.0.0",
                  "product_id": "T047973"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=15.0.1.0.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=15.0.1.0.0",
                  "product_id": "T047973-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "15.1.0.0.0",
                "product": {
                  "name": "Oracle Communications Applications 15.1.0.0.0",
                  "product_id": "T047974",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:15.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.0.28",
                "product": {
                  "name": "Oracle Communications Applications 8.1.0.28",
                  "product_id": "T047975",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.1.0.28"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=6.1.1",
                "product": {
                  "name": "Oracle Communications Applications \u003c=6.1.1",
                  "product_id": "T047976"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=6.1.1",
                "product": {
                  "name": "Oracle Communications Applications \u003c=6.1.1",
                  "product_id": "T047976-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.8.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=7.8.0",
                  "product_id": "T047977"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.8.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=7.8.0",
                  "product_id": "T047977-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.8.0",
                "product": {
                  "name": "Oracle Communications Applications 8.0.0.8.0",
                  "product_id": "T047978",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.0.0.8.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.9.0",
                "product": {
                  "name": "Oracle Communications Applications 8.0.0.9.0",
                  "product_id": "T047979",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.0.0.9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.0.0.0.0",
                "product": {
                  "name": "Oracle Communications Applications 2.0.0.0.0",
                  "product_id": "T047980",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:2.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.0.0.1.0",
                "product": {
                  "name": "Oracle Communications Applications 2.0.0.1.0",
                  "product_id": "T047981",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:2.0.0.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.0.3.4.0",
                "product": {
                  "name": "Oracle Communications Applications 3.0.3.4.0",
                  "product_id": "T047982",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:3.0.3.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.0.6.0.0",
                "product": {
                  "name": "Oracle Communications Applications 12.0.6.0.0",
                  "product_id": "T047983",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:12.0.6.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.4.0",
                "product": {
                  "name": "Oracle Communications Applications 7.4.0",
                  "product_id": "T047984",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.1.0.0",
                "product": {
                  "name": "Oracle Communications Applications 15.0.1.0.0",
                  "product_id": "T047992",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:15.0.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.0.0.0",
                "product": {
                  "name": "Oracle Communications Applications 15.0.0.0.0",
                  "product_id": "T047993",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:15.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.6",
                "product": {
                  "name": "Oracle Communications Applications 7.3.6",
                  "product_id": "T047994",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.3.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.0.3.3.0",
                "product": {
                  "name": "Oracle Communications Applications 3.0.3.3.0",
                  "product_id": "T047996",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:3.0.3.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.7.0",
                "product": {
                  "name": "Oracle Communications Applications 8.0.0.7.0",
                  "product_id": "T047997",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.0.0.7.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.8.0",
                "product": {
                  "name": "Oracle Communications Applications 7.8.0",
                  "product_id": "T047998",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.8.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.7.0",
                "product": {
                  "name": "Oracle Communications Applications 7.7.0",
                  "product_id": "T047999",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.7.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.5.1",
                "product": {
                  "name": "Oracle Communications Applications 7.5.1",
                  "product_id": "T048000",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.5.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.1.1",
                "product": {
                  "name": "Oracle Communications Applications 6.1.1",
                  "product_id": "T048001",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:6.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.5.1",
                "product": {
                  "name": "Oracle Communications Applications \u003c=7.5.1",
                  "product_id": "T048003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.5.1",
                "product": {
                  "name": "Oracle Communications Applications \u003c=7.5.1",
                  "product_id": "T048003-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.0.1.0",
                "product": {
                  "name": "Oracle Communications Applications 8.2.0.1.0",
                  "product_id": "T048004",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.2.0.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.0.4.0",
                "product": {
                  "name": "Oracle Communications Applications 8.1.0.4.0",
                  "product_id": "T048005",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.1.0.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.5.0",
                "product": {
                  "name": "Oracle Communications Applications 8.0.0.5.0",
                  "product_id": "T048006",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:8.0.0.5.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.0.0.8.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=12.0.0.8.0",
                  "product_id": "T048008"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=12.0.0.8.0",
                "product": {
                  "name": "Oracle Communications Applications \u003c=12.0.0.8.0",
                  "product_id": "T048008-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0",
                "product": {
                  "name": "Oracle Communications Applications 7.5.0",
                  "product_id": "T048009",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.5.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.4.1",
                "product": {
                  "name": "Oracle Communications Applications 7.4.1",
                  "product_id": "T048010",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_applications:7.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v7",
                "product": {
                  "name": "Xerox FreeFlow Print Server v7",
                  "product_id": "T035098",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12133",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-12133"
    },
    {
      "cve": "CVE-2024-28182",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-35164",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-35164"
    },
    {
      "cve": "CVE-2024-37371",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-37371"
    },
    {
      "cve": "CVE-2024-50609",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-50609"
    },
    {
      "cve": "CVE-2024-51504",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-51504"
    },
    {
      "cve": "CVE-2024-57699",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2024-7254",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-8006",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2024-8006"
    },
    {
      "cve": "CVE-2025-27210",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-27210"
    },
    {
      "cve": "CVE-2025-27533",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-27553",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-27553"
    },
    {
      "cve": "CVE-2025-27817",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-32415",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-32415"
    },
    {
      "cve": "CVE-2025-32990",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-32990"
    },
    {
      "cve": "CVE-2025-4517",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-4517"
    },
    {
      "cve": "CVE-2025-48734",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48924",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-48989",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48989"
    },
    {
      "cve": "CVE-2025-49796",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-49796"
    },
    {
      "cve": "CVE-2025-5115",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-52999",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-52999"
    },
    {
      "cve": "CVE-2025-5318",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-5318"
    },
    {
      "cve": "CVE-2025-53864",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-53864"
    },
    {
      "cve": "CVE-2025-5399",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-5399"
    },
    {
      "cve": "CVE-2025-54090",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-54090"
    },
    {
      "cve": "CVE-2025-55163",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-5889",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-5889"
    },
    {
      "cve": "CVE-2025-59375",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2025-6965",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-6965"
    },
    {
      "cve": "CVE-2025-7339",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-7339"
    },
    {
      "cve": "CVE-2025-8058",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-8058"
    },
    {
      "cve": "CVE-2025-9086",
      "product_status": {
        "known_affected": [
          "T048010",
          "T035098",
          "T047999",
          "T047978",
          "T047975",
          "T047997",
          "T048009",
          "T047998",
          "T047979",
          "T047980",
          "T047981",
          "T047992",
          "T048001",
          "T048000",
          "T047984",
          "T047974",
          "T047996",
          "T048006",
          "T047982",
          "T047993",
          "T048005",
          "T047983",
          "T047994",
          "T048004"
        ],
        "last_affected": [
          "T047977",
          "T047976",
          "T048008",
          "T048003",
          "T047973",
          "T047971",
          "T047972"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-9086"
    }
  ]
}

WID-SEC-W-2026-0153

Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-20 23:00

Summary

Oracle Communications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2024-12133

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2024-46901

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-25193

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-26333

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-27533

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-32988

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-32990

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-41249

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-46727

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-48060

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-48734

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-48924

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-48976

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-49844

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-5115

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-5318

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-54571

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-55163

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-58057

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-58098

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-59375

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-5987

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-61795

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-64718

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-65018

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-66418

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-66516

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-68161

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-8194

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-8916

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

CVE-2025-9900

Affected products

Known affected 29 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 24.3.0 Oracle / Communications	`cpe:/a:oracle:communications:24.3.0`	24.3.0
Oracle Communications 7.5.0 Oracle / Communications	`cpe:/a:oracle:communications:7.5.0`	7.5.0
Oracle Communications 15.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0`	15.1.0.0
Oracle Communications 25.1.0 Oracle / Communications	`cpe:/a:oracle:communications:25.1.0`	25.1.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 9.1.0 Oracle / Communications	`cpe:/a:oracle:communications:9.1.0`	9.1.0
Oracle Communications 6.0 Oracle / Communications	`cpe:/a:oracle:communications:6.0`	6
Oracle Communications 6.1 Oracle / Communications	`cpe:/a:oracle:communications:6.1`	6.1
Oracle Communications 25.1.200 Oracle / Communications	`cpe:/a:oracle:communications:25.1.200`	25.1.200
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 7.4.1 Oracle / Communications	`cpe:/a:oracle:communications:7.4.1`	7.4.1
Oracle Communications 15.0.1.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0.0`	15.0.1.0.0
Oracle Communications 7.8.0 Oracle / Communications	`cpe:/a:oracle:communications:7.8.0`	7.8.0
Oracle Communications 15.0.1.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1.0`	15.0.1.0
Oracle Communications 15.1.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.1.0.0.0`	15.1.0.0.0
Oracle Communications 7.4.0 Oracle / Communications	`cpe:/a:oracle:communications:7.4.0`	7.4.0
Oracle Communications 7.3.6 Oracle / Communications	`cpe:/a:oracle:communications:7.3.6`	7.3.6
Oracle Communications 8.0.0 Oracle / Communications	`cpe:/a:oracle:communications:8.0.0`	8.0.0
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 7.7.0 Oracle / Communications	`cpe:/a:oracle:communications:7.7.0`	7.7.0
Oracle Communications 5.0.0 Oracle / Communications	`cpe:/a:oracle:communications:5.0.0`	5.0.0
Oracle Communications 15.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0`	15.0.0.0
Oracle Communications 25.2.100 Oracle / Communications	`cpe:/a:oracle:communications:25.2.100`	25.2.100

Last affected 3 products

Product	Identifier	Version	Remediation
Oracle Communications <=6.1.1 Oracle / Communications		<=6.1.1
Oracle Communications <=9.0.4 Oracle / Communications		<=9.0.4
Oracle Communications <=24.2.1 Oracle / Communications		<=24.2.1

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujan2026…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0153 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0153.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0153 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0153"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle Communications vom 2026-01-20",
        "url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixCGBU"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-01-20T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-21T08:44:06.939+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0153",
      "initial_release_date": "2026-01-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6",
                "product": {
                  "name": "Oracle Communications 6.0",
                  "product_id": "T018947",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:6.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.1",
                "product": {
                  "name": "Oracle Communications 6.1",
                  "product_id": "T018948",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:6.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0",
                "product": {
                  "name": "Oracle Communications 8.0.0",
                  "product_id": "T025868",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:8.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0.0",
                "product": {
                  "name": "Oracle Communications 9.0.0",
                  "product_id": "T027330",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0.1",
                "product": {
                  "name": "Oracle Communications 9.0.1",
                  "product_id": "T027331",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.0.0.0",
                "product": {
                  "name": "Oracle Communications 15.0.0.0.0",
                  "product_id": "T032090",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.2",
                "product": {
                  "name": "Oracle Communications 5.2",
                  "product_id": "T034146",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.1.0",
                "product": {
                  "name": "Oracle Communications 4.1.0",
                  "product_id": "T036205",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.2.0",
                "product": {
                  "name": "Oracle Communications 4.2.0",
                  "product_id": "T036206",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.3.0",
                "product": {
                  "name": "Oracle Communications 9.3.0",
                  "product_id": "T036208",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.1.0",
                "product": {
                  "name": "Oracle Communications 9.1.0",
                  "product_id": "T038381",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.3.0",
                "product": {
                  "name": "Oracle Communications 24.3.0",
                  "product_id": "T040448",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:24.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.1.100",
                "product": {
                  "name": "Oracle Communications 25.1.100",
                  "product_id": "T042794",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:25.1.100"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.0.0",
                "product": {
                  "name": "Oracle Communications 10.0.0",
                  "product_id": "T042795",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:10.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=9.0.4",
                "product": {
                  "name": "Oracle Communications \u003c=9.0.4",
                  "product_id": "T045371"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=9.0.4",
                "product": {
                  "name": "Oracle Communications \u003c=9.0.4",
                  "product_id": "T045371-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "5.0.0",
                "product": {
                  "name": "Oracle Communications 5.0.0",
                  "product_id": "T045372",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.0.0",
                "product": {
                  "name": "Oracle Communications 15.0.0.0",
                  "product_id": "T045374",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.1.200",
                "product": {
                  "name": "Oracle Communications 25.1.200",
                  "product_id": "T047885",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:25.1.200"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.2.100",
                "product": {
                  "name": "Oracle Communications 25.2.100",
                  "product_id": "T047890",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:25.2.100"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.2.1",
                "product": {
                  "name": "Oracle Communications \u003c=24.2.1",
                  "product_id": "T047970"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.2.1",
                "product": {
                  "name": "Oracle Communications \u003c=24.2.1",
                  "product_id": "T047970-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0",
                "product": {
                  "name": "Oracle Communications 7.5.0",
                  "product_id": "T050113",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.5.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=6.1.1",
                "product": {
                  "name": "Oracle Communications \u003c=6.1.1",
                  "product_id": "T050114"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=6.1.1",
                "product": {
                  "name": "Oracle Communications \u003c=6.1.1",
                  "product_id": "T050114-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "25.1.0",
                "product": {
                  "name": "Oracle Communications 25.1.0",
                  "product_id": "T050115",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:25.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.1.0.0",
                "product": {
                  "name": "Oracle Communications 15.1.0.0",
                  "product_id": "T050116",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.6",
                "product": {
                  "name": "Oracle Communications 7.3.6",
                  "product_id": "T050117",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.3.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.4.0",
                "product": {
                  "name": "Oracle Communications 7.4.0",
                  "product_id": "T050118",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.7.0",
                "product": {
                  "name": "Oracle Communications 7.7.0",
                  "product_id": "T050119",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.7.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.8.0",
                "product": {
                  "name": "Oracle Communications 7.8.0",
                  "product_id": "T050120",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.8.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.1.0.0",
                "product": {
                  "name": "Oracle Communications 15.0.1.0.0",
                  "product_id": "T050121",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.0.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.1.0.0.0",
                "product": {
                  "name": "Oracle Communications 15.1.0.0.0",
                  "product_id": "T050122",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.1.0",
                "product": {
                  "name": "Oracle Communications 15.0.1.0",
                  "product_id": "T050123",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.0.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.4.1",
                "product": {
                  "name": "Oracle Communications 7.4.1",
                  "product_id": "T050124",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:7.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12133",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-12133"
    },
    {
      "cve": "CVE-2024-46901",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2024-46901"
    },
    {
      "cve": "CVE-2025-25193",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-25193"
    },
    {
      "cve": "CVE-2025-26333",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-26333"
    },
    {
      "cve": "CVE-2025-27533",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-32988",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-32988"
    },
    {
      "cve": "CVE-2025-32990",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-32990"
    },
    {
      "cve": "CVE-2025-41249",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-46727",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-46727"
    },
    {
      "cve": "CVE-2025-48060",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-48060"
    },
    {
      "cve": "CVE-2025-48734",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48924",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-49844",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-49844"
    },
    {
      "cve": "CVE-2025-5115",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-5318",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-5318"
    },
    {
      "cve": "CVE-2025-54571",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-54571"
    },
    {
      "cve": "CVE-2025-55163",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-58057",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-58057"
    },
    {
      "cve": "CVE-2025-58098",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-58098"
    },
    {
      "cve": "CVE-2025-59375",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2025-5987",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-5987"
    },
    {
      "cve": "CVE-2025-61795",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-61795"
    },
    {
      "cve": "CVE-2025-64718",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-64718"
    },
    {
      "cve": "CVE-2025-65018",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-65018"
    },
    {
      "cve": "CVE-2025-66418",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-66418"
    },
    {
      "cve": "CVE-2025-66516",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-66516"
    },
    {
      "cve": "CVE-2025-68161",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-68161"
    },
    {
      "cve": "CVE-2025-8194",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-8194"
    },
    {
      "cve": "CVE-2025-8916",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-8916"
    },
    {
      "cve": "CVE-2025-9900",
      "product_status": {
        "known_affected": [
          "T027330",
          "T036205",
          "T036206",
          "T036208",
          "T040448",
          "T050113",
          "T050116",
          "T050115",
          "T034146",
          "T042794",
          "T042795",
          "T038381",
          "T018947",
          "T018948",
          "T047885",
          "T027331",
          "T050124",
          "T050121",
          "T050120",
          "T050123",
          "T050122",
          "T050118",
          "T050117",
          "T025868",
          "T032090",
          "T050119",
          "T045372",
          "T045374",
          "T047890"
        ],
        "last_affected": [
          "T050114",
          "T045371",
          "T047970"
        ]
      },
      "release_date": "2026-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-9900"
    }
  ]
}

WID-SEC-W-2026-0783

Vulnerability from csaf_certbund - Published: 2026-03-18 23:00 - Updated: 2026-03-18 23:00

Summary

IBM QRadar SIEM: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuführen, um einen Cross-Site Scripting Angriff durchzuführen, und um Dateien zu manipulieren.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2022-46337

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2022-50673

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2022-50865

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2023-44483

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2023-53552

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2024-26766

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-12084

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-14104

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-14242

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-15366

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-15367

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-23184

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-27533

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-38022

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-38024

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-38051

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-38403

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-38415

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-38459

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-39760

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-39933

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-40096

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-40135

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-40158

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-40170

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-40258

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-40269

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-40271

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-40322

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-48913

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-48924

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-4897

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-5372

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-53905

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-53906

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-58457

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-6176

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-64775

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-66418

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-66453

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-66471

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-66675

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-68301

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-68349

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-8916

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-9086

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-0865

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-1188

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-1299

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-21441

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-21925

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-21932

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-21933

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-21945

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-22998

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-13995

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-36051

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2025-15051

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

CVE-2026-1276

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM <7.5.0 UP15 IBM / QRadar SIEM		<7.5.0 UP15

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7266709	external
https://www.ibm.com/support/pages/node/7266711	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuf\u00fchren, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, und um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0783 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0783.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0783 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0783"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7266709 vom 2026-03-18",
        "url": "https://www.ibm.com/support/pages/node/7266709"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7266711 vom 2026-03-18",
        "url": "https://www.ibm.com/support/pages/node/7266711"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-18T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-19T10:08:04.786+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0783",
      "initial_release_date": "2026-03-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.5.0 UP15",
                "product": {
                  "name": "IBM QRadar SIEM \u003c7.5.0 UP15",
                  "product_id": "T051890"
                }
              },
              {
                "category": "product_version",
                "name": "7.5.0 UP15",
                "product": {
                  "name": "IBM QRadar SIEM 7.5.0 UP15",
                  "product_id": "T051890-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-46337",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2022-46337"
    },
    {
      "cve": "CVE-2022-50673",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2022-50673"
    },
    {
      "cve": "CVE-2022-50865",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2022-50865"
    },
    {
      "cve": "CVE-2023-44483",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2023-44483"
    },
    {
      "cve": "CVE-2023-53552",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2023-53552"
    },
    {
      "cve": "CVE-2024-26766",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2024-26766"
    },
    {
      "cve": "CVE-2025-12084",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-12084"
    },
    {
      "cve": "CVE-2025-14104",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-14104"
    },
    {
      "cve": "CVE-2025-14242",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-14242"
    },
    {
      "cve": "CVE-2025-15366",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-15366"
    },
    {
      "cve": "CVE-2025-15367",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-15367"
    },
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-23184"
    },
    {
      "cve": "CVE-2025-27533",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-38022",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-38022"
    },
    {
      "cve": "CVE-2025-38024",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-38024"
    },
    {
      "cve": "CVE-2025-38051",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-38051"
    },
    {
      "cve": "CVE-2025-38403",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-38403"
    },
    {
      "cve": "CVE-2025-38415",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-38415"
    },
    {
      "cve": "CVE-2025-38459",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-38459"
    },
    {
      "cve": "CVE-2025-39760",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-39760"
    },
    {
      "cve": "CVE-2025-39933",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-39933"
    },
    {
      "cve": "CVE-2025-40096",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-40096"
    },
    {
      "cve": "CVE-2025-40135",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-40135"
    },
    {
      "cve": "CVE-2025-40158",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-40158"
    },
    {
      "cve": "CVE-2025-40170",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-40170"
    },
    {
      "cve": "CVE-2025-40258",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-40258"
    },
    {
      "cve": "CVE-2025-40269",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-40269"
    },
    {
      "cve": "CVE-2025-40271",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-40271"
    },
    {
      "cve": "CVE-2025-40322",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-40322"
    },
    {
      "cve": "CVE-2025-48913",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-48913"
    },
    {
      "cve": "CVE-2025-48924",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-4897",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-4897"
    },
    {
      "cve": "CVE-2025-5372",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-5372"
    },
    {
      "cve": "CVE-2025-53905",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-53905"
    },
    {
      "cve": "CVE-2025-53906",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-53906"
    },
    {
      "cve": "CVE-2025-58457",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-58457"
    },
    {
      "cve": "CVE-2025-6176",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-6176"
    },
    {
      "cve": "CVE-2025-64775",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-64775"
    },
    {
      "cve": "CVE-2025-66418",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-66418"
    },
    {
      "cve": "CVE-2025-66453",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-66453"
    },
    {
      "cve": "CVE-2025-66471",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-66471"
    },
    {
      "cve": "CVE-2025-66675",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-66675"
    },
    {
      "cve": "CVE-2025-68301",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-68301"
    },
    {
      "cve": "CVE-2025-68349",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-68349"
    },
    {
      "cve": "CVE-2025-8916",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-8916"
    },
    {
      "cve": "CVE-2025-9086",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-9086"
    },
    {
      "cve": "CVE-2026-0865",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-0865"
    },
    {
      "cve": "CVE-2026-1188",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-1188"
    },
    {
      "cve": "CVE-2026-1299",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-1299"
    },
    {
      "cve": "CVE-2026-21441",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-21441"
    },
    {
      "cve": "CVE-2026-21925",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-21925"
    },
    {
      "cve": "CVE-2026-21932",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-21932"
    },
    {
      "cve": "CVE-2026-21933",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-21933"
    },
    {
      "cve": "CVE-2026-21945",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-21945"
    },
    {
      "cve": "CVE-2026-22998",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-22998"
    },
    {
      "cve": "CVE-2025-13995",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-13995"
    },
    {
      "cve": "CVE-2025-36051",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-36051"
    },
    {
      "cve": "CVE-2025-15051",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-15051"
    },
    {
      "cve": "CVE-2026-1276",
      "product_status": {
        "known_affected": [
          "T051890"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-1276"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-27533 (GCVE-0-2025-27533)

Tags

Sightings

Nomenclature