Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-1597 (GCVE-0-2024-1597)
Vulnerability from cvelistv5 – Published: 2024-02-19 12:58 – Updated: 2025-11-03 21:52- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| pgjdbc | pgjdbc |
Affected:
< 42.7.2
Affected: < 42.6.1 Affected: < 42.5.5 Affected: < 42.4.4 Affected: < 42.3.9 Affected: < 42.2.28 |
|
| pgjdbc | pgjdbc |
Affected:
0 , < 42.7.2
(custom)
Affected: 0 , < 42.6.1 (custom) Affected: 0 , < 42.5.5 (custom) Affected: 0 , < 42.4.4 (custom) Affected: 0 , < 42.3.9 (custom) Affected: 0 , < 42.2.28 (custom) cpe:2.3:a:pgjdbc:pgjdbc:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pgjdbc:pgjdbc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgjdbc",
"vendor": "pgjdbc",
"versions": [
{
"lessThan": "42.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "42.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "42.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "42.4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "42.3.9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "42.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1597",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T04:00:36.120593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T16:53:44.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:29.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240419-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pgjdbc",
"vendor": "pgjdbc",
"versions": [
{
"status": "affected",
"version": "\u003c 42.7.2"
},
{
"status": "affected",
"version": "\u003c 42.6.1"
},
{
"status": "affected",
"version": "\u003c 42.5.5"
},
{
"status": "affected",
"version": "\u003c 42.4.4"
},
{
"status": "affected",
"version": "\u003c 42.3.9"
},
{
"status": "affected",
"version": "\u003c 42.2.28"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Client must run code with PreferQueryMode=Simple"
}
],
"credits": [
{
"lang": "en",
"value": "The pgjdbc project thanks Paul Gerste for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:14:25.740Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56"
},
{
"url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/"
},
{
"url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240419-0008/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/02/6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"
}
],
"title": "pgjdbc SQL Injection via line comment generation",
"workarounds": [
{
"lang": "en",
"value": "Don\u0027t use SimpleQuery mode"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2024-1597",
"datePublished": "2024-02-19T12:58:48.620Z",
"dateReserved": "2024-02-16T22:29:21.969Z",
"dateUpdated": "2025-11-03T21:52:29.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-1597",
"date": "2026-07-14",
"epss": "0.0481",
"percentile": "0.90932"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"42.2.28\", \"matchCriteriaId\": \"51F0F89A-760E-4592-B142-0A28A0BCD61F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"42.3.0\", \"versionEndExcluding\": \"42.3.9\", \"matchCriteriaId\": \"9AF8DB08-81BB-48AD-85E5-B05220E49EA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"42.4.0\", \"versionEndExcluding\": \"42.4.4\", \"matchCriteriaId\": \"3453F9D3-2F9E-493F-8993-4F2A9B9E53F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"42.5.0\", \"versionEndExcluding\": \"42.5.5\", \"matchCriteriaId\": \"99C07B95-DBCC-4DB2-9896-2F7A98CEC91B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"42.6.0\", \"versionEndExcluding\": \"42.6.1\", \"matchCriteriaId\": \"F30ED3D3-46C8-49D8-BF6F-B804CF8FF02C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"42.7.0\", \"versionEndExcluding\": \"42.7.2\", \"matchCriteriaId\": \"8F88E552-40D4-4287-9357-00D352133ADC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.\"}, {\"lang\": \"es\", \"value\": \"pgjdbc, el controlador JDBC de PostgreSQL, permite al atacante inyectar SQL si usa PreferQueryMode=SIMPLE. Tenga en cuenta que este no es el valor predeterminado. En el modo predeterminado no hay vulnerabilidad. Un comod\\u00edn para un valor num\\u00e9rico debe ir precedido inmediatamente de un signo menos. Debe haber un segundo marcador de posici\\u00f3n para un valor de cadena despu\\u00e9s del primer marcador de posici\\u00f3n; ambos deben estar en la misma l\\u00ednea. Al construir un payload de cadena coincidente, el atacante puede inyectar SQL para alterar la consulta, evitando las protecciones que las consultas parametrizadas brindan contra los ataques de inyecci\\u00f3n SQL. Las versiones anteriores a 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 y 42.2.8 se ven afectadas.\"}]",
"id": "CVE-2024-1597",
"lastModified": "2024-11-21T08:50:54.813",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-02-19T13:15:07.740",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/02/6\", \"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"}, {\"url\": \"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\", \"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html\", \"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\", \"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240419-0008/\", \"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"}, {\"url\": \"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\", \"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\", \"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/02/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240419-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-1597\",\"sourceIdentifier\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"published\":\"2024-02-19T13:15:07.740\",\"lastModified\":\"2026-06-17T07:04:36.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.\"},{\"lang\":\"es\",\"value\":\"pgjdbc, el controlador JDBC de PostgreSQL, permite al atacante inyectar SQL si usa PreferQueryMode=SIMPLE. Tenga en cuenta que este no es el valor predeterminado. En el modo predeterminado no hay vulnerabilidad. Un comod\u00edn para un valor num\u00e9rico debe ir precedido inmediatamente de un signo menos. Debe haber un segundo marcador de posici\u00f3n para un valor de cadena despu\u00e9s del primer marcador de posici\u00f3n; ambos deben estar en la misma l\u00ednea. Al construir un payload de cadena coincidente, el atacante puede inyectar SQL para alterar la consulta, evitando las protecciones que las consultas parametrizadas brindan contra los ataques de inyecci\u00f3n SQL. Las versiones anteriores a 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 y 42.2.8 se ven afectadas.\"}],\"affected\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"affectedData\":[{\"vendor\":\"pgjdbc\",\"product\":\"pgjdbc\",\"versions\":[{\"version\":\"\u003c 42.7.2\",\"status\":\"affected\"},{\"version\":\"\u003c 42.6.1\",\"status\":\"affected\"},{\"version\":\"\u003c 42.5.5\",\"status\":\"affected\"},{\"version\":\"\u003c 42.4.4\",\"status\":\"affected\"},{\"version\":\"\u003c 42.3.9\",\"status\":\"affected\"},{\"version\":\"\u003c 42.2.28\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"pgjdbc\",\"product\":\"pgjdbc\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:pgjdbc:pgjdbc:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"42.7.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"42.6.1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"42.5.5\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"42.4.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"42.3.9\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"42.2.28\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-04-10T04:00:36.120593Z\",\"id\":\"CVE-2024-1597\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"42.2.28\",\"matchCriteriaId\":\"51F0F89A-760E-4592-B142-0A28A0BCD61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.3.0\",\"versionEndExcluding\":\"42.3.9\",\"matchCriteriaId\":\"9AF8DB08-81BB-48AD-85E5-B05220E49EA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.4.0\",\"versionEndExcluding\":\"42.4.4\",\"matchCriteriaId\":\"3453F9D3-2F9E-493F-8993-4F2A9B9E53F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.5.0\",\"versionEndExcluding\":\"42.5.5\",\"matchCriteriaId\":\"99C07B95-DBCC-4DB2-9896-2F7A98CEC91B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.6.0\",\"versionEndExcluding\":\"42.6.1\",\"matchCriteriaId\":\"F30ED3D3-46C8-49D8-BF6F-B804CF8FF02C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"42.7.0\",\"versionEndExcluding\":\"42.7.2\",\"matchCriteriaId\":\"8F88E552-40D4-4287-9357-00D352133ADC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/02/6\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"},{\"url\":\"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240419-0008/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\"},{\"url\":\"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/02/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/12/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240419-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-06-02T12:00:53+00:00",
"cve": "CVE-2024-1597",
"id": "CVE-2024-1597",
"initial_release_date": "2024-02-19T00:00:00+00:00",
"product_status:fixed": "74",
"product_status:known_affected": "10",
"product_status:known_not_affected": "2055",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1597.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/\"}, {\"url\": \"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240419-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/02/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/12/msg00017.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:52:29.022Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1597\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-10T04:00:36.120593Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pgjdbc:pgjdbc:*:*:*:*:*:*:*:*\"], \"vendor\": \"pgjdbc\", \"product\": \"pgjdbc\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"42.7.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"42.6.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"42.5.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"42.4.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"42.3.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"42.2.28\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-30T16:51:07.958Z\"}}], \"cna\": {\"title\": \"pgjdbc SQL Injection via line comment generation\", \"credits\": [{\"lang\": \"en\", \"value\": \"The pgjdbc project thanks Paul Gerste for reporting this problem.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"pgjdbc\", \"product\": \"pgjdbc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 42.7.2\"}, {\"status\": \"affected\", \"version\": \"\u003c 42.6.1\"}, {\"status\": \"affected\", \"version\": \"\u003c 42.5.5\"}, {\"status\": \"affected\", \"version\": \"\u003c 42.4.4\"}, {\"status\": \"affected\", \"version\": \"\u003c 42.3.9\"}, {\"status\": \"affected\", \"version\": \"\u003c 42.2.28\"}]}], \"references\": [{\"url\": \"https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\"}, {\"url\": \"https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\"}, {\"url\": \"https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240419-0008/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/02/6\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Don\u0027t use SimpleQuery mode\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Client must run code with PreferQueryMode=Simple\"}], \"providerMetadata\": {\"orgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"shortName\": \"PostgreSQL\", \"dateUpdated\": \"2024-06-10T16:14:25.740Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1597\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:52:29.022Z\", \"dateReserved\": \"2024-02-16T22:29:21.969Z\", \"assignerOrgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"datePublished\": \"2024-02-19T12:58:48.620Z\", \"assignerShortName\": \"PostgreSQL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2024-0424
Vulnerability from csaf_certbund - Published: 2024-02-19 23:00 - Updated: 2026-03-23 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Data Replication 11.4.0
IBM / InfoSphere Data Replication
|
cpe:/a:ibm:infosphere_data_replication:11.4.0
|
11.4.0 | |
|
IBM InfoSphere Data Replication 11.4
IBM / InfoSphere Data Replication
|
cpe:/a:ibm:infosphere_data_replication:11.4
|
11.4 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Quarkus 3.2.11
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus_3.2.11
|
Quarkus 3.2.11 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Atlassian Bamboo <9.4.4
Atlassian / Bamboo
|
<9.4.4 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Broadcom Brocade SANnav <2.4.0a
Broadcom / Brocade SANnav
|
<2.4.0a | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Atlassian Bamboo <9.2.12
Atlassian / Bamboo
|
<9.2.12 | ||
|
Red Hat OpenShift Container Platform 4.9
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.9
|
Container Platform 4.9 | |
|
Atlassian Bamboo <9.5.2
Atlassian / Bamboo
|
<9.5.2 | ||
|
Open Source PostgreSQL JDBC Driver <42.3.9
Open Source / PostgreSQL
|
JDBC Driver <42.3.9 | ||
|
Open Source Camunda <7.21.0-alpha3
Open Source / Camunda
|
<7.21.0-alpha3 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Camunda <7.20.5
Open Source / Camunda
|
<7.20.5 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Camunda <7.19.12
Open Source / Camunda
|
<7.19.12 | ||
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storage Scale 5.1.x
IBM / Storage Scale
|
cpe:/a:ibm:spectrum_scale:5.1.x
|
5.1.x | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom / Brocade SANnav
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
Open Source PostgreSQL JDBC Driver <42.7.2
Open Source / PostgreSQL
|
JDBC Driver <42.7.2 | ||
|
Open Source PostgreSQL JDBC Driver <42.6.1
Open Source / PostgreSQL
|
JDBC Driver <42.6.1 | ||
|
Red Hat OpenShift Container Platform 4.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.10
|
Container Platform 4.10 | |
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Open Source PostgreSQL JDBC Driver <42.2.8
Open Source / PostgreSQL
|
JDBC Driver <42.2.8 | ||
|
Open Source PostgreSQL JDBC Driver <42.5.5
Open Source / PostgreSQL
|
JDBC Driver <42.5.5 | ||
|
Open Source PostgreSQL JDBC Driver <42.4.4
Open Source / PostgreSQL
|
JDBC Driver <42.4.4 | ||
|
IBM Cognos Analytics Certified Containers <12.1.1
IBM / Cognos Analytics
|
Certified Containers <12.1.1 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PostgreSQL ist eine frei verf\u00fcgbare Datenbank f\u00fcr unterschiedliche Betriebssysteme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PostgreSQL JDBC Driver ausnutzen, um eine SQL-Injection durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0424 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0424.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0424 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0424"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-02-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1597"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2024-02-19",
"url": "https://github.com/advisories/GHSA-xfg6-62px-cxc2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0769-1 vom 2024-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018098.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0773-1 vom 2024-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018094.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0771-1 vom 2024-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018096.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-ED884C3203 vom 2024-03-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ed884c3203"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1435 vom 2024-03-20",
"url": "https://access.redhat.com/errata/RHSA-2024:1435"
},
{
"category": "external",
"summary": "Atlassian Security Advisory",
"url": "https://jira.atlassian.com/browse/BAM-25716"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1436 vom 2024-03-20",
"url": "https://access.redhat.com/errata/RHSA-2024:1436"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1436 vom 2024-03-20",
"url": "https://linux.oracle.com/errata/ELSA-2024-1436.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1435 vom 2024-03-22",
"url": "https://linux.oracle.com/errata/ELSA-2024-1435.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1435 vom 2024-03-27",
"url": "https://errata.build.resf.org/RLSA-2024:1435"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1649 vom 2024-04-02",
"url": "https://access.redhat.com/errata/RHSA-2024:1649"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1662 vom 2024-04-03",
"url": "https://access.redhat.com/errata/RHSA-2024:1662"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1686 vom 2024-04-04",
"url": "https://access.redhat.com/errata/RHSA-2024:1686"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1797 vom 2024-04-22",
"url": "https://access.redhat.com/errata/RHSA-2024:1797"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1999 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:1999"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2624 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2624"
},
{
"category": "external",
"summary": "Camunda Security Notices vom 2024-05-03",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7150357 vom 2024-05-07",
"url": "https://www.ibm.com/support/pages/node/7150357"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3812 vom 2024-05-10",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1436 vom 2024-05-10",
"url": "https://errata.build.resf.org/RLSA-2024:1436"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7152260 vom 2024-05-15",
"url": "https://www.ibm.com/support/pages/node/7152260"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3313 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3313"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4057 vom 2024-06-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4057"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4375 vom 2024-07-08",
"url": "https://access.redhat.com/errata/RHSA-2024:4375"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4402 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4402"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4884 vom 2024-07-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5056 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:5056"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-150 vom 2024-12-17",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-150/index.html"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2025-2635 vom 2025-02-13",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25412"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7185315 vom 2025-03-10",
"url": "https://www.ibm.com/support/pages/node/7185315"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2025-3032 vom 2025-07-08",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35916"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7250395 vom 2025-11-07",
"url": "https://www.ibm.com/support/pages/node/7250395"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "PostgreSQL JDBC Driver: Schwachstelle erm\u00f6glicht SQL-Injection",
"tracking": {
"current_release_date": "2026-03-23T23:00:00.000+00:00",
"generator": {
"date": "2026-03-24T10:23:34.090+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-0424",
"initial_release_date": "2024-02-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat und Atlassian aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-21T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-26T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-04-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-22T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-22T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "20",
"summary": "Korrektur"
},
{
"date": "2024-06-23T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-08T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-25T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2025-03-10T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "32"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.5.2",
"product": {
"name": "Atlassian Bamboo \u003c9.5.2",
"product_id": "T033548"
}
},
{
"category": "product_version",
"name": "9.5.2",
"product": {
"name": "Atlassian Bamboo 9.5.2",
"product_id": "T033548-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.5.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.12",
"product": {
"name": "Atlassian Bamboo \u003c9.2.12",
"product_id": "T033549"
}
},
{
"category": "product_version",
"name": "9.2.12",
"product": {
"name": "Atlassian Bamboo 9.2.12",
"product_id": "T033549-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.4",
"product": {
"name": "Atlassian Bamboo \u003c9.4.4",
"product_id": "T033550"
}
},
{
"category": "product_version",
"name": "9.4.4",
"product": {
"name": "Atlassian Bamboo 9.4.4",
"product_id": "T033550-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.4.4"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade SANnav",
"product": {
"name": "Broadcom Brocade SANnav",
"product_id": "T034392",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.4.0a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.4.0a",
"product_id": "T045166"
}
},
{
"category": "product_version",
"name": "2.4.0a",
"product": {
"name": "Broadcom Brocade SANnav 2.4.0a",
"product_id": "T045166-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.4.0a"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Certified Containers \u003c12.1.1",
"product": {
"name": "IBM Cognos Analytics Certified Containers \u003c12.1.1",
"product_id": "T048389"
}
},
{
"category": "product_version",
"name": "Certified Containers 12.1.1",
"product": {
"name": "IBM Cognos Analytics Certified Containers 12.1.1",
"product_id": "T048389-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:certified_containers__12.1.1"
}
}
}
],
"category": "product_name",
"name": "Cognos Analytics"
},
{
"branches": [
{
"category": "product_version",
"name": "11.4",
"product": {
"name": "IBM InfoSphere Data Replication 11.4",
"product_id": "1020294",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_data_replication:11.4"
}
}
},
{
"category": "product_version",
"name": "11.4.0",
"product": {
"name": "IBM InfoSphere Data Replication 11.4.0",
"product_id": "1020295",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_data_replication:11.4.0"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Data Replication"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "5.1.x",
"product": {
"name": "IBM Storage Scale 5.1.x",
"product_id": "T025628",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:5.1.x"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.19.12",
"product": {
"name": "Open Source Camunda \u003c7.19.12",
"product_id": "T034530"
}
},
{
"category": "product_version",
"name": "7.19.12",
"product": {
"name": "Open Source Camunda 7.19.12",
"product_id": "T034530-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.19.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.20.5",
"product": {
"name": "Open Source Camunda \u003c7.20.5",
"product_id": "T034531"
}
},
{
"category": "product_version",
"name": "7.20.5",
"product": {
"name": "Open Source Camunda 7.20.5",
"product_id": "T034531-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.20.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.21.0-alpha3",
"product": {
"name": "Open Source Camunda \u003c7.21.0-alpha3",
"product_id": "T034532"
}
},
{
"category": "product_version",
"name": "7.21.0-alpha3",
"product": {
"name": "Open Source Camunda 7.21.0-alpha3",
"product_id": "T034532-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.21.0-alpha3"
}
}
}
],
"category": "product_name",
"name": "Camunda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "JDBC Driver \u003c42.7.2",
"product": {
"name": "Open Source PostgreSQL JDBC Driver \u003c42.7.2",
"product_id": "T032904"
}
},
{
"category": "product_version",
"name": "JDBC Driver 42.7.2",
"product": {
"name": "Open Source PostgreSQL JDBC Driver 42.7.2",
"product_id": "T032904-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:jdbc_driver_42.7.2"
}
}
},
{
"category": "product_version_range",
"name": "JDBC Driver \u003c42.6.1",
"product": {
"name": "Open Source PostgreSQL JDBC Driver \u003c42.6.1",
"product_id": "T032905"
}
},
{
"category": "product_version",
"name": "JDBC Driver 42.6.1",
"product": {
"name": "Open Source PostgreSQL JDBC Driver 42.6.1",
"product_id": "T032905-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:jdbc_driver_42.6.1"
}
}
},
{
"category": "product_version_range",
"name": "JDBC Driver \u003c42.5.5",
"product": {
"name": "Open Source PostgreSQL JDBC Driver \u003c42.5.5",
"product_id": "T032906"
}
},
{
"category": "product_version",
"name": "JDBC Driver 42.5.5",
"product": {
"name": "Open Source PostgreSQL JDBC Driver 42.5.5",
"product_id": "T032906-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:jdbc_driver_42.5.5"
}
}
},
{
"category": "product_version_range",
"name": "JDBC Driver \u003c42.4.4",
"product": {
"name": "Open Source PostgreSQL JDBC Driver \u003c42.4.4",
"product_id": "T032907"
}
},
{
"category": "product_version",
"name": "JDBC Driver 42.4.4",
"product": {
"name": "Open Source PostgreSQL JDBC Driver 42.4.4",
"product_id": "T032907-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:jdbc_driver_42.4.4"
}
}
},
{
"category": "product_version_range",
"name": "JDBC Driver \u003c42.2.8",
"product": {
"name": "Open Source PostgreSQL JDBC Driver \u003c42.2.8",
"product_id": "T032909"
}
},
{
"category": "product_version",
"name": "JDBC Driver 42.2.8",
"product": {
"name": "Open Source PostgreSQL JDBC Driver 42.2.8",
"product_id": "T032909-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:jdbc_driver_42.2.8"
}
}
},
{
"category": "product_version_range",
"name": "JDBC Driver \u003c42.3.9",
"product": {
"name": "Open Source PostgreSQL JDBC Driver \u003c42.3.9",
"product_id": "T032910"
}
},
{
"category": "product_version",
"name": "JDBC Driver 42.3.9",
"product": {
"name": "Open Source PostgreSQL JDBC Driver 42.3.9",
"product_id": "T032910-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:postgresql:postgresql:jdbc_driver_42.3.9"
}
}
}
],
"category": "product_name",
"name": "PostgreSQL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Quarkus 3.2.11",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.2.11",
"product_id": "T033856",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus_3.2.11"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Container Platform 4.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10",
"product_id": "T025742",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.10"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11",
"product_id": "T025990",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.11"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "T026435",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.12"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.9",
"product": {
"name": "Red Hat OpenShift Container Platform 4.9",
"product_id": "T033901",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.9"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-1597",
"product_status": {
"known_affected": [
"1020295",
"1020294",
"67646",
"T033856",
"T004914",
"T033550",
"T038840",
"T025990",
"T045166",
"T050283",
"T033549",
"T033901",
"T033548",
"T032910",
"T034532",
"T032255",
"T034531",
"T052048",
"74185",
"T034530",
"T022954",
"T025628",
"2951",
"T002207",
"T034392",
"T032904",
"T032905",
"T025742",
"T026435",
"T032909",
"T032906",
"T032907",
"T048389"
]
},
"release_date": "2024-02-19T23:00:00.000+00:00",
"title": "CVE-2024-1597"
}
]
}
WID-SEC-W-2024-0899
Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2025-06-09 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
8.5.6 | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
12.2.1.3.0 | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
12.2.1.4.0 | |
|
Oracle Fusion Middleware 8.5.7
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.7
|
8.5.7 | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
14.1.1.0.0 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0899 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0899.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0899 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0899"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Fusion Middleware vom 2024-04-16",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixFMW"
},
{
"category": "external",
"summary": "PoC CVE-2024-21006 vom 2025-06-09",
"url": "https://github.com/d3fudd/CVE-2024-21006_POC"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-09T22:00:00.000+00:00",
"generator": {
"date": "2025-06-10T06:12:15.168+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0899",
"initial_release_date": "2024-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "2",
"summary": "PoC f\u00fcr CVE-2024-21006 aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.2.1.3.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.3.0",
"product_id": "618028",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
}
}
},
{
"category": "product_version",
"name": "12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_version",
"name": "14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_version",
"name": "8.5.6",
"product": {
"name": "Oracle Fusion Middleware 8.5.6",
"product_id": "T024993",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.6"
}
}
},
{
"category": "product_version",
"name": "8.5.7",
"product": {
"name": "Oracle Fusion Middleware 8.5.7",
"product_id": "T034057",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0231",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2019-0231"
},
{
"cve": "CVE-2019-10172",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2019-10172"
},
{
"cve": "CVE-2019-13990",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2019-13990"
},
{
"cve": "CVE-2021-23369",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2021-23369"
},
{
"cve": "CVE-2022-1471",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-24329",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-24329"
},
{
"cve": "CVE-2022-25147",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-25147"
},
{
"cve": "CVE-2022-34169",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-34381",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-34381"
},
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-45378",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-45378"
},
{
"cve": "CVE-2022-46337",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-46337"
},
{
"cve": "CVE-2022-48579",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2022-48579"
},
{
"cve": "CVE-2023-24021",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-24021"
},
{
"cve": "CVE-2023-2976",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-31122",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-31122"
},
{
"cve": "CVE-2023-33201",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-35116",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-35116"
},
{
"cve": "CVE-2023-35887",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-35887"
},
{
"cve": "CVE-2023-3635",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-3635"
},
{
"cve": "CVE-2023-37536",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-37536"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46218",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46589",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-5072",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-52428",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-1597",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-1597"
},
{
"cve": "CVE-2024-20991",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-20991"
},
{
"cve": "CVE-2024-20992",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-20992"
},
{
"cve": "CVE-2024-21006",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21006"
},
{
"cve": "CVE-2024-21007",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21007"
},
{
"cve": "CVE-2024-21117",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21117"
},
{
"cve": "CVE-2024-21118",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21118"
},
{
"cve": "CVE-2024-21119",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21119"
},
{
"cve": "CVE-2024-21120",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-21120"
},
{
"cve": "CVE-2024-23635",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-23635"
},
{
"cve": "CVE-2024-26308",
"product_status": {
"known_affected": [
"T024993",
"618028",
"751674",
"T034057",
"829576"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-26308"
}
]
}
WID-SEC-W-2024-1210
Vulnerability from csaf_certbund - Published: 2024-05-21 22:00 - Updated: 2024-06-03 22:00In Atlassian Confluence existieren mehrere Schwachstellen. Einer dieser Fehler besteht im PostgreSQL JDBC-Treiber im Nicht-Standardmodus und ermöglicht eine SQL-Injection. Zurzeit gibt es keine weiteren Informationen über die andere Scwachstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.
In Atlassian Confluence existieren mehrere Schwachstellen. Einer dieser Fehler besteht im PostgreSQL JDBC-Treiber im Nicht-Standardmodus und ermöglicht eine SQL-Injection. Zurzeit gibt es keine weiteren Informationen über die andere Scwachstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.
In Atlassian Confluence existieren mehrere Schwachstellen in der Apache Tomcat Komponente. Diese bestehen aufgrund unsachgemäßer Eingabevalidierung bzw. -bereinigung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.
In Atlassian Confluence existieren mehrere Schwachstellen in der Apache Tomcat Komponente. Diese bestehen aufgrund unsachgemäßer Eingabevalidierung bzw. -bereinigung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.
Es besteht eine Schwachstelle in Atlassian Confluence. Diese Schwachstelle betrifft Hazelcast aufgrund einer unsachgemäßen Berechtigungsprüfung. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um im Cluster gespeicherte Daten offenzulegen.
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Confluence ist eine kommerzielle Wiki-Software.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um vertrauliche Informationen offenzulegen und um einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1210 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1210.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1210 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1210"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin May 2024 vom 2024-05-21",
"url": "https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html"
},
{
"category": "external",
"summary": "Atlassian Vulnerability CONFSERVER-95839 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95839"
},
{
"category": "external",
"summary": "Atlassian Vulnerability CONFSERVER-95837 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95837"
},
{
"category": "external",
"summary": "Atlassian Vulnerability CONFSERVER-95832 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
},
{
"category": "external",
"summary": "Atlassian Vulnerability CONFSERVER-95835 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95835"
},
{
"category": "external",
"summary": "Atlassian Vulnerability CONFSERVER-95834 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95834"
},
{
"category": "external",
"summary": "Poc auf GitHub vom 2024-06-03",
"url": "https://github.com/W01fh4cker/CVE-2024-21683-RCE"
}
],
"source_lang": "en-US",
"title": "Atlassian Confluence: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-03T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:09:26.261+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1210",
"initial_release_date": "2024-05-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "2",
"summary": "PoC aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.9.0",
"product": {
"name": "Atlassian Confluence \u003c8.9.0",
"product_id": "T034974"
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.9",
"product": {
"name": "Atlassian Confluence \u003c8.5.9",
"product_id": "T034975"
}
},
{
"category": "product_version_range",
"name": "\u003c7.19.22",
"product": {
"name": "Atlassian Confluence \u003c7.19.22",
"product_id": "T034976"
}
},
{
"category": "product_version_range",
"name": "\u003c8.9.1",
"product": {
"name": "Atlassian Confluence \u003c8.9.1",
"product_id": "T034977"
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-1597",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence existieren mehrere Schwachstellen. Einer dieser Fehler besteht im PostgreSQL JDBC-Treiber im Nicht-Standardmodus und erm\u00f6glicht eine SQL-Injection. Zurzeit gibt es keine weiteren Informationen \u00fcber die andere Scwachstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-1597"
},
{
"cve": "CVE-2024-21683",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence existieren mehrere Schwachstellen. Einer dieser Fehler besteht im PostgreSQL JDBC-Treiber im Nicht-Standardmodus und erm\u00f6glicht eine SQL-Injection. Zurzeit gibt es keine weiteren Informationen \u00fcber die andere Scwachstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-21683"
},
{
"cve": "CVE-2024-23672",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence existieren mehrere Schwachstellen in der Apache Tomcat Komponente. Diese bestehen aufgrund unsachgem\u00e4\u00dfer Eingabevalidierung bzw. -bereinigung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence existieren mehrere Schwachstellen in der Apache Tomcat Komponente. Diese bestehen aufgrund unsachgem\u00e4\u00dfer Eingabevalidierung bzw. -bereinigung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2023-45859",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Atlassian Confluence. Diese Schwachstelle betrifft Hazelcast aufgrund einer unsachgem\u00e4\u00dfen Berechtigungspr\u00fcfung. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um im Cluster gespeicherte Daten offenzulegen."
}
],
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-45859"
}
]
}
WID-SEC-W-2024-1214
Vulnerability from csaf_certbund - Published: 2024-05-21 22:00 - Updated: 2024-05-21 22:00Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in der Data Center- und Server-Komponente aufgrund einer Abhängigkeit zum com.google.code.gson:gson-Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Software Data Center and Server <9.8.0
Atlassian / Jira Software
|
Data Center and Server <9.8.0 | ||
|
Atlassian Jira Software Data Center and Server <9.4.18
Atlassian / Jira Software
|
Data Center and Server <9.4.18 | ||
|
Atlassian Jira Software Data Center and Server <9.7.2
Atlassian / Jira Software
|
Data Center and Server <9.7.2 |
Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in der Komponente Data Center und Server aufgrund einer Abhängigkeit zum om.thoughtworks.xstream:xstream-Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in den Komponenten Data Center und Server aufgrund einer Abhängigkeit zum org.postgresql:postgresql-Plugin, die zu einem SQL-Injection-Problem führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Software Data Center and Server <9.12.0
Atlassian / Jira Software
|
Data Center and Server <9.12.0 | ||
|
Atlassian Jira Software Data Center and Server <9.11.3
Atlassian / Jira Software
|
Data Center and Server <9.11.3 | ||
|
Atlassian Jira Software Data Center and Server <9.8.0
Atlassian / Jira Software
|
Data Center and Server <9.8.0 | ||
|
Atlassian Jira Software Data Center and Server <9.4.18
Atlassian / Jira Software
|
Data Center and Server <9.4.18 | ||
|
Atlassian Jira Software Data Center and Server <9.7.2
Atlassian / Jira Software
|
Data Center and Server <9.7.2 |
Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in den Komponenten Data Center und Server aufgrund einer Abhängigkeit zum org.springframework.security:spring-security-core-Plugin, die zu einer unzulässigen Autorisierung führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Software Data Center and Server <9.12.0
Atlassian / Jira Software
|
Data Center and Server <9.12.0 | ||
|
Atlassian Jira Software Data Center and Server <9.4.19
Atlassian / Jira Software
|
Data Center and Server <9.4.19 | ||
|
Atlassian Jira Software Data Center and Server <9.11.3
Atlassian / Jira Software
|
Data Center and Server <9.11.3 | ||
|
Atlassian Jira Software Data Center and Server <9.8.0
Atlassian / Jira Software
|
Data Center and Server <9.8.0 | ||
|
Atlassian Jira Software Data Center and Server <9.12.6
Atlassian / Jira Software
|
Data Center and Server <9.12.6 | ||
|
Atlassian Jira Software Data Center and Server <9.4.18
Atlassian / Jira Software
|
Data Center and Server <9.4.18 | ||
|
Atlassian Jira Software Data Center and Server <9.7.2
Atlassian / Jira Software
|
Data Center and Server <9.7.2 |
Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in den Komponenten Data Center und Server aufgrund einer Abhängigkeit zum org.apache.tomcat:tomcat-websocket-Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Software Data Center and Server <9.12.0
Atlassian / Jira Software
|
Data Center and Server <9.12.0 | ||
|
Atlassian Jira Software Data Center and Server <9.11.3
Atlassian / Jira Software
|
Data Center and Server <9.11.3 | ||
|
Atlassian Jira Software Data Center and Server <9.8.0
Atlassian / Jira Software
|
Data Center and Server <9.8.0 | ||
|
Atlassian Jira Software Data Center and Server <9.4.18
Atlassian / Jira Software
|
Data Center and Server <9.4.18 | ||
|
Atlassian Jira Software Data Center and Server <9.7.2
Atlassian / Jira Software
|
Data Center and Server <9.7.2 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Jira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Atlassian Jira Software Data Center und Server ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1214 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1214.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1214 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1214"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin May 2024 vom 2024-05-21",
"url": "https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html"
},
{
"category": "external",
"summary": "Atlassian Vulnerability JSWSERVER-25950 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25950"
},
{
"category": "external",
"summary": "Atlassian Vulnerability JSWSERVER-25949 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25949"
},
{
"category": "external",
"summary": "Atlassian Vulnerability JSWSERVER-25896 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25896"
},
{
"category": "external",
"summary": "Atlassian Vulnerability JSWSERVER-25905 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25905"
},
{
"category": "external",
"summary": "Atlassian Vulnerability JSWSERVER-25948 vom 2024-05-21",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25948"
}
],
"source_lang": "en-US",
"title": "Atlassian Jira Software (Data Center und Server): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-21T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:09:27.260+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1214",
"initial_release_date": "2024-05-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.12.0",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.12.0",
"product_id": "T034987"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.11.3",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.11.3",
"product_id": "T034988"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.4.19",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.4.19",
"product_id": "T034989"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.8.0",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.8.0",
"product_id": "T034990"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.7.2",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.7.2",
"product_id": "T034991"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.4.18",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.4.18",
"product_id": "T034992"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.12.6",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.12.6",
"product_id": "T034993"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.15.2",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.15.2",
"product_id": "T034995"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.12.7",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.12.7",
"product_id": "T034996"
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.4.20",
"product": {
"name": "Atlassian Jira Software Data Center and Server \u003c9.4.20",
"product_id": "T034997"
}
}
],
"category": "product_name",
"name": "Jira Software"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in der Data Center- und Server-Komponente aufgrund einer Abh\u00e4ngigkeit zum com.google.code.gson:gson-Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T034990",
"T034992",
"T034991"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2022-41966",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in der Komponente Data Center und Server aufgrund einer Abh\u00e4ngigkeit zum om.thoughtworks.xstream:xstream-Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2024-1597",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in den Komponenten Data Center und Server aufgrund einer Abh\u00e4ngigkeit zum org.postgresql:postgresql-Plugin, die zu einem SQL-Injection-Problem f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"product_status": {
"known_affected": [
"T034987",
"T034988",
"T034990",
"T034992",
"T034991"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-1597"
},
{
"cve": "CVE-2024-22257",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in den Komponenten Data Center und Server aufgrund einer Abh\u00e4ngigkeit zum org.springframework.security:spring-security-core-Plugin, die zu einer unzul\u00e4ssigen Autorisierung f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T034987",
"T034989",
"T034988",
"T034990",
"T034993",
"T034992",
"T034991"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-23672",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in der Atlassian Jira Software. Dieser Fehler besteht in den Komponenten Data Center und Server aufgrund einer Abh\u00e4ngigkeit zum org.apache.tomcat:tomcat-websocket-Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T034987",
"T034988",
"T034990",
"T034992",
"T034991"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-23672"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.