Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-32007
Vulnerability from cvelistv5
Published
2024-07-19 08:50
Modified
2024-09-13 17:04
Severity ?
EPSS score ?
Summary
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Version: 0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cxf", vendor: "apache", versions: [ { lessThan: "4.0.5", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.6.4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "3.5.9", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-32007", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-19T17:00:33.143276Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-19T17:02:50.657Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-09-13T17:04:44.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, { url: "https://security.netapp.com/advisory/ntap-20240808-0009/", }, { url: "http://www.openwall.com/lists/oss-security/2024/07/18/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "org.apache.cxf.rs.security.jose", product: "Apache CXF", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.0.5, 3.6.4, 3.5.9", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. <br>", }, ], value: "An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. \n", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-19T08:50:31.832Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, ], source: { discovery: "EXTERNAL", }, title: "Apache CXF Denial of Service vulnerability in JOSE", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-32007", datePublished: "2024-07-19T08:50:31.832Z", dateReserved: "2024-04-08T15:34:17.712Z", dateUpdated: "2024-09-13T17:04:44.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5.9\", \"matchCriteriaId\": \"BF0BA29F-721E-4599-A7AC-32DAC5AB44D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.6.0\", \"versionEndExcluding\": \"3.6.4\", \"matchCriteriaId\": \"7D6F6603-DD23-4DD5-8B90-0BAB0EB7E1D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndExcluding\": \"4.0.5\", \"matchCriteriaId\": \"ACAFECF5-75A5-4397-A588-F51D09717335\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An improper input validation of the\\u00a0p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9\\u00a0allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.\\u00a0\\n\"}, {\"lang\": \"es\", \"value\": \" Una validaci\\u00f3n de entrada incorrecta del par\\u00e1metro p2c en el c\\u00f3digo Apache CXF JOSE anterior a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar un ataque de denegaci\\u00f3n de servicio especificando un valor grande para este par\\u00e1metro en un token.\"}]", id: "CVE-2024-32007", lastModified: "2024-11-21T09:14:20.010", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}", published: "2024-07-19T09:15:04.713", references: "[{\"url\": \"https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/18/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240808-0009/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}, {\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-32007\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-07-19T09:15:04.713\",\"lastModified\":\"2024-11-21T09:14:20.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. \\n\"},{\"lang\":\"es\",\"value\":\" Una validación de entrada incorrecta del parámetro p2c en el código Apache CXF JOSE anterior a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar un ataque de denegación de servicio especificando un valor grande para este parámetro en un token.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.9\",\"matchCriteriaId\":\"BF0BA29F-721E-4599-A7AC-32DAC5AB44D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.4\",\"matchCriteriaId\":\"7D6F6603-DD23-4DD5-8B90-0BAB0EB7E1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.0.5\",\"matchCriteriaId\":\"ACAFECF5-75A5-4397-A588-F51D09717335\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/18/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240808-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240808-0009/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/18/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-13T17:04:44.644Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32007\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-19T17:00:33.143276Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"cxf\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.0.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.6.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.5.9\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-19T17:02:19.334Z\"}}], \"cna\": {\"title\": \"Apache CXF Denial of Service vulnerability in JOSE\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab.\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache CXF\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.0.5, 3.6.4, 3.5.9\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.cxf.rs.security.jose\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper input validation of the\\u00a0p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9\\u00a0allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.\\u00a0\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. <br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-07-19T08:50:31.832Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-32007\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-13T17:04:44.644Z\", \"dateReserved\": \"2024-04-08T15:34:17.712Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-07-19T08:50:31.832Z\", \"assignerShortName\": \"apache\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
NCSC-2024-0416
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:18
Modified
2024-10-17 13:18
Summary
Kwetsbaarheden verholpen in Oracle Financial Services Applications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Financial Services Applications.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Cross-Site-Scripting (XSS)
- Denial-of-Service (DoS)
- Manipuleren van data
- Uitvoer van willekeurige code (Gebruikersrechten)
- Uitvoer van willekeurige code (Administratorrechten)
- Toegang tot gevoelige gegevens
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-1325
Improperly Controlled Sequential Memory Allocation
CWE-1188
Initialization of a Resource with an Insecure Default
CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-345
Insufficient Verification of Data Authenticity
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-404
Improper Resource Shutdown or Release
CWE-306
Missing Authentication for Critical Function
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-295
Improper Certificate Validation
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in Financial Services Applications.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Cross-Site-Scripting (XSS)\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, { category: "general", text: "Initialization of a Resource with an Insecure Default", title: "CWE-1188", }, { category: "general", text: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", title: "CWE-95", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Financial Services Applications", tracking: { current_release_date: "2024-10-17T13:18:45.385015Z", id: "NCSC-2024-0416", initial_release_date: "2024-10-17T13:18:45.385015Z", revision_history: [ { date: "2024-10-17T13:18:45.385015Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221114", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:18.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221111", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:18.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221109", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-816813", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221107", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221106", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-816814", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:21.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221103", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-816815", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-816816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-764256", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-1503320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912088", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912087", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912086", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912568", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:_reports___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:_reports___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912570", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:_reports___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-764257", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-1503613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912091", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912090", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-220172", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-220168", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-1673521", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-1673498", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912571", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:_accessibility___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912572", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:_accessibility___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912573", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:_accessibility___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_collections_and_recovery", product: { name: "banking_collections_and_recovery", product_id: "CSAFPID-816817", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_collections_and_recovery:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending", product: { name: "banking_corporate_lending", product_id: "CSAFPID-764258", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-764259", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503615", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503616", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-764260", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-1503618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-1503619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-1503620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-220170", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_deposits_and_lines_of_credit_servicing", product: { name: "banking_deposits_and_lines_of_credit_servicing", product_id: "CSAFPID-912574", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_deposits_and_lines_of_credit_servicing", product: { name: "banking_deposits_and_lines_of_credit_servicing", product_id: "CSAFPID-611428", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_deposits_and_lines_of_credit_servicing", product: { name: "banking_deposits_and_lines_of_credit_servicing", product_id: "CSAFPID-387666", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:18.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-9129", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:18.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-9569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-816818", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-9611", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221108", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-9198", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221105", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-816819", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:21.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-94298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221104", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-816820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-94297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-816821", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-94293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_electronic_data_exchange_for_corporates", product: { name: "banking_electronic_data_exchange_for_corporates", product_id: "CSAFPID-764261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_enterprise_default_management", product: { name: "banking_enterprise_default_management", product_id: "CSAFPID-816822", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_enterprise_default_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_enterprise_default_management", product: { name: "banking_enterprise_default_management", product_id: "CSAFPID-912575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_enterprise_default_management", product: { name: "banking_enterprise_default_management", product_id: "CSAFPID-912576", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_extensibility_workbench", product: { name: "banking_extensibility_workbench", product_id: "CSAFPID-816823", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_extensibility_workbench:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-764262", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912094", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0.12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-220156", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912093", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-764747", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.6.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-220154", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.6.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912092", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-764748", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-220152", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-816824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-220151", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673482", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673499", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:_common___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:_common___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:_common___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:_infrastructure___14.7.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_loans_servicing", product: { name: "banking_loans_servicing", product_id: "CSAFPID-912581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_loans_servicing", product: { name: "banking_loans_servicing", product_id: "CSAFPID-611718", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_loans_servicing:2.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-764263", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912064", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912063", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-224806", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912062", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-258398", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-220173", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:_basic_config_maintenances___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:_basic_config_maintenances___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:_basic_config_maintenances___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_party_management", product: { name: "banking_party_management", product_id: "CSAFPID-816825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_party_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_party_management", product: { name: "banking_party_management", product_id: "CSAFPID-912095", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_party_management:2.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_party_management", product: { name: "banking_party_management", product_id: "CSAFPID-387665", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_party_management:2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_payments", product: { name: "banking_payments", product_id: "CSAFPID-764264", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_payments", product: { name: "banking_payments", product_id: "CSAFPID-94387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_payments", product: { name: "banking_payments", product_id: "CSAFPID-220552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_payments:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_payments", product: { name: "banking_payments", product_id: "CSAFPID-220160", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_payments:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-912585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.12.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-204520", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-1503621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-9430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-912096", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-9390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-764265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-220171", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:14.7.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-220169", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-1673520", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:14.7.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-1673500", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance", product: { name: "banking_trade_finance", product_id: "CSAFPID-631680", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance", product: { name: "banking_trade_finance", product_id: "CSAFPID-94386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance", product: { name: "banking_trade_finance", product_id: "CSAFPID-344967", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance", product: { name: "banking_trade_finance", product_id: "CSAFPID-220194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-764266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-220157", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-220155", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.6.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-220153", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.7.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-220150", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_treasury_management", product: { name: "banking_treasury_management", product_id: "CSAFPID-764749", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_treasury_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_treasury_management", product: { name: "banking_treasury_management", product_id: "CSAFPID-94389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_treasury_management", product: { name: "banking_treasury_management", product_id: "CSAFPID-220553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_treasury_management:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_treasury_management", product: { name: "banking_treasury_management", product_id: "CSAFPID-220195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_treasury_management:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-764267", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912099", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-180211", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912098", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-201568", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912097", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-201569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:_common_core___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:_common_core___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:_common_core___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9711", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9522", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345043", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-8848", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345042", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-93309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-93305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189064", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189063", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_reconciliation_framework", product: { name: "financial_services_analytical_applications_reconciliation_framework", product_id: "CSAFPID-363146", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.0.7.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_reconciliation_framework", product: { name: "financial_services_analytical_applications_reconciliation_framework", product_id: "CSAFPID-363129", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.1.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674656", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674663", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674659", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.5.0.12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674662", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674666", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.7.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674664", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.7.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674658", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:19.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674668", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:21.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674669", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:22.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674667", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:22.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674655", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:3.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674657", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:4.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674660", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:5.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674654", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674665", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:8.1.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_asset_liability_management", product: { name: "financial_services_asset_liability_management", product_id: "CSAFPID-363142", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_balance_computation_engine", product: { name: "financial_services_balance_computation_engine", product_id: "CSAFPID-363130", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_balance_computation_engine:8.1.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_balance_sheet_planning", product: { name: "financial_services_balance_sheet_planning", product_id: "CSAFPID-363135", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-189067", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-345041", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-816828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-1503630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_cash_flow_engine", product: { name: "financial_services_cash_flow_engine", product_id: "CSAFPID-764273", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_cash_flow_engine:8.1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-345047", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-816829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1673398", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_crime_and_compliance_management_studio", product: { name: "financial_services_crime_and_compliance_management_studio", product_id: "CSAFPID-391382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.0.8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.2.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_governance_for_us_regulatory_reporting", product: { name: "financial_services_data_governance_for_us_regulatory_reporting", product_id: "CSAFPID-363128", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_governance_for_us_regulatory_reporting", product: { name: "financial_services_data_governance_for_us_regulatory_reporting", product_id: "CSAFPID-363127", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:8.1.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363144", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363131", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363126", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product: { name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product_id: "CSAFPID-363143", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_deposit_insurance_calculations_for_liquidity_risk_management:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product: { name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product_id: "CSAFPID-363133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_deposit_insurance_calculations_for_liquidity_risk_management:8.0.8.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-180190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-345040", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-816830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_financial_performance_analytics", product: { name: "financial_services_enterprise_financial_performance_analytics", product_id: "CSAFPID-363141", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_funds_transfer_pricing", product: { name: "financial_services_funds_transfer_pricing", product_id: "CSAFPID-363138", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_institutional_performance_analytics", product: { name: "financial_services_institutional_performance_analytics", product_id: "CSAFPID-363136", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_lending_and_leasing", product: { name: "financial_services_lending_and_leasing", product_id: "CSAFPID-816831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_liquidity_risk_measurement_and_management", product: { name: "financial_services_liquidity_risk_measurement_and_management", product_id: "CSAFPID-363145", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_liquidity_risk_measurement_and_management", product: { name: "financial_services_liquidity_risk_measurement_and_management", product_id: "CSAFPID-363132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_loan_loss_forecasting_and_provisioning", product: { name: "financial_services_loan_loss_forecasting_and_provisioning", product_id: "CSAFPID-363140", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_loan_loss_forecasting_and_provisioning", product: { name: "financial_services_loan_loss_forecasting_and_provisioning", product_id: "CSAFPID-363134", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-396508", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-396507", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_profitability_management", product: { name: "financial_services_profitability_management", product_id: "CSAFPID-363139", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting_with_agilereporter", product: { name: "financial_services_regulatory_reporting_with_agilereporter", product_id: "CSAFPID-611433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.1.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_retail_performance_analytics", product: { name: "financial_services_retail_performance_analytics", product_id: "CSAFPID-363137", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-344846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8.0.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-31160", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-9390", "CSAFPID-204520", "CSAFPID-94302", "CSAFPID-94301", "CSAFPID-94300", "CSAFPID-94299", "CSAFPID-94296", "CSAFPID-94294", "CSAFPID-764256", "CSAFPID-764257", "CSAFPID-764258", "CSAFPID-764259", "CSAFPID-764260", "CSAFPID-611428", "CSAFPID-387666", "CSAFPID-9569", "CSAFPID-9611", "CSAFPID-9198", "CSAFPID-94298", "CSAFPID-94297", "CSAFPID-94293", "CSAFPID-764261", "CSAFPID-764262", "CSAFPID-611718", "CSAFPID-764263", "CSAFPID-387665", "CSAFPID-764264", "CSAFPID-9430", "CSAFPID-764265", "CSAFPID-631680", "CSAFPID-764266", "CSAFPID-764267", "CSAFPID-764273", "CSAFPID-611392", "CSAFPID-611391", "CSAFPID-221114", "CSAFPID-221111", "CSAFPID-221109", "CSAFPID-221107", "CSAFPID-221106", "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-220172", "CSAFPID-220168", "CSAFPID-220170", "CSAFPID-221113", "CSAFPID-221112", "CSAFPID-221110", "CSAFPID-221108", "CSAFPID-221105", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-220156", "CSAFPID-764747", "CSAFPID-220154", "CSAFPID-764748", "CSAFPID-220152", "CSAFPID-220151", "CSAFPID-224806", "CSAFPID-220173", "CSAFPID-258398", "CSAFPID-220171", "CSAFPID-220169", "CSAFPID-220157", "CSAFPID-220155", "CSAFPID-220153", "CSAFPID-220150", "CSAFPID-764749", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-219772", "CSAFPID-219770", "CSAFPID-345047", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-219773", "CSAFPID-219771", "CSAFPID-189064", "CSAFPID-189063", "CSAFPID-363146", "CSAFPID-363129", "CSAFPID-363142", "CSAFPID-363130", "CSAFPID-363135", "CSAFPID-345041", "CSAFPID-391382", "CSAFPID-493291", "CSAFPID-493290", "CSAFPID-493289", "CSAFPID-493288", "CSAFPID-363128", "CSAFPID-363127", "CSAFPID-363144", "CSAFPID-363131", "CSAFPID-363126", "CSAFPID-363143", "CSAFPID-363133", "CSAFPID-345040", "CSAFPID-363141", "CSAFPID-363138", "CSAFPID-363136", "CSAFPID-363145", "CSAFPID-363132", "CSAFPID-363140", "CSAFPID-363134", "CSAFPID-396508", "CSAFPID-396507", "CSAFPID-363139", "CSAFPID-570314", "CSAFPID-570313", "CSAFPID-570312", "CSAFPID-94303", "CSAFPID-9129", "CSAFPID-94387", "CSAFPID-220552", "CSAFPID-220160", "CSAFPID-94386", "CSAFPID-344967", "CSAFPID-220194", "CSAFPID-94389", "CSAFPID-220553", "CSAFPID-220195", "CSAFPID-180211", "CSAFPID-201568", "CSAFPID-201569", "CSAFPID-345045", "CSAFPID-345044", "CSAFPID-345043", "CSAFPID-345042", "CSAFPID-93309", "CSAFPID-93305", "CSAFPID-570311", "CSAFPID-611433", "CSAFPID-363137", "CSAFPID-219833", "CSAFPID-344846", "CSAFPID-816813", "CSAFPID-816814", "CSAFPID-816815", "CSAFPID-816816", "CSAFPID-816817", "CSAFPID-816818", "CSAFPID-816819", "CSAFPID-816820", "CSAFPID-816821", "CSAFPID-816822", "CSAFPID-816823", "CSAFPID-816824", "CSAFPID-816825", "CSAFPID-9522", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-765266", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-912568", "CSAFPID-912088", "CSAFPID-912569", "CSAFPID-912087", "CSAFPID-912570", "CSAFPID-912086", "CSAFPID-912571", "CSAFPID-912091", "CSAFPID-912572", "CSAFPID-912090", "CSAFPID-912573", "CSAFPID-912089", "CSAFPID-912574", "CSAFPID-912575", "CSAFPID-912576", "CSAFPID-912577", "CSAFPID-912094", "CSAFPID-912578", "CSAFPID-912093", "CSAFPID-912579", "CSAFPID-912092", "CSAFPID-912580", "CSAFPID-912581", "CSAFPID-912582", "CSAFPID-912064", "CSAFPID-912583", "CSAFPID-912063", "CSAFPID-912584", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-912585", "CSAFPID-912096", "CSAFPID-912586", "CSAFPID-912099", "CSAFPID-912587", "CSAFPID-912098", "CSAFPID-912588", "CSAFPID-912097", "CSAFPID-912589", "CSAFPID-1503320", "CSAFPID-1503613", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-1503621", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2022-31160", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-31160.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-9390", "CSAFPID-204520", "CSAFPID-94302", "CSAFPID-94301", "CSAFPID-94300", "CSAFPID-94299", "CSAFPID-94296", "CSAFPID-94294", "CSAFPID-764256", "CSAFPID-764257", "CSAFPID-764258", "CSAFPID-764259", "CSAFPID-764260", "CSAFPID-611428", "CSAFPID-387666", "CSAFPID-9569", "CSAFPID-9611", "CSAFPID-9198", "CSAFPID-94298", "CSAFPID-94297", "CSAFPID-94293", "CSAFPID-764261", "CSAFPID-764262", "CSAFPID-611718", "CSAFPID-764263", "CSAFPID-387665", "CSAFPID-764264", "CSAFPID-9430", "CSAFPID-764265", "CSAFPID-631680", "CSAFPID-764266", "CSAFPID-764267", "CSAFPID-764273", "CSAFPID-611392", "CSAFPID-611391", "CSAFPID-221114", "CSAFPID-221111", "CSAFPID-221109", "CSAFPID-221107", "CSAFPID-221106", "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-220172", "CSAFPID-220168", "CSAFPID-220170", "CSAFPID-221113", "CSAFPID-221112", "CSAFPID-221110", "CSAFPID-221108", "CSAFPID-221105", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-220156", "CSAFPID-764747", "CSAFPID-220154", "CSAFPID-764748", "CSAFPID-220152", "CSAFPID-220151", "CSAFPID-224806", "CSAFPID-220173", "CSAFPID-258398", "CSAFPID-220171", "CSAFPID-220169", "CSAFPID-220157", "CSAFPID-220155", "CSAFPID-220153", "CSAFPID-220150", "CSAFPID-764749", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-219772", "CSAFPID-219770", "CSAFPID-345047", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-219773", "CSAFPID-219771", "CSAFPID-189064", "CSAFPID-189063", "CSAFPID-363146", "CSAFPID-363129", "CSAFPID-363142", "CSAFPID-363130", "CSAFPID-363135", "CSAFPID-345041", "CSAFPID-391382", "CSAFPID-493291", "CSAFPID-493290", "CSAFPID-493289", "CSAFPID-493288", "CSAFPID-363128", "CSAFPID-363127", "CSAFPID-363144", "CSAFPID-363131", "CSAFPID-363126", "CSAFPID-363143", "CSAFPID-363133", "CSAFPID-345040", "CSAFPID-363141", "CSAFPID-363138", "CSAFPID-363136", "CSAFPID-363145", "CSAFPID-363132", "CSAFPID-363140", "CSAFPID-363134", "CSAFPID-396508", "CSAFPID-396507", "CSAFPID-363139", "CSAFPID-570314", "CSAFPID-570313", "CSAFPID-570312", "CSAFPID-94303", "CSAFPID-9129", "CSAFPID-94387", "CSAFPID-220552", "CSAFPID-220160", "CSAFPID-94386", "CSAFPID-344967", "CSAFPID-220194", "CSAFPID-94389", "CSAFPID-220553", "CSAFPID-220195", "CSAFPID-180211", "CSAFPID-201568", "CSAFPID-201569", "CSAFPID-345045", "CSAFPID-345044", "CSAFPID-345043", "CSAFPID-345042", "CSAFPID-93309", "CSAFPID-93305", "CSAFPID-570311", "CSAFPID-611433", "CSAFPID-363137", "CSAFPID-219833", "CSAFPID-344846", "CSAFPID-816813", "CSAFPID-816814", "CSAFPID-816815", "CSAFPID-816816", "CSAFPID-816817", "CSAFPID-816818", "CSAFPID-816819", "CSAFPID-816820", "CSAFPID-816821", "CSAFPID-816822", "CSAFPID-816823", "CSAFPID-816824", "CSAFPID-816825", "CSAFPID-9522", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-765266", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-912568", "CSAFPID-912088", "CSAFPID-912569", "CSAFPID-912087", "CSAFPID-912570", "CSAFPID-912086", "CSAFPID-912571", "CSAFPID-912091", "CSAFPID-912572", "CSAFPID-912090", "CSAFPID-912573", "CSAFPID-912089", "CSAFPID-912574", "CSAFPID-912575", "CSAFPID-912576", "CSAFPID-912577", "CSAFPID-912094", "CSAFPID-912578", "CSAFPID-912093", "CSAFPID-912579", "CSAFPID-912092", "CSAFPID-912580", "CSAFPID-912581", "CSAFPID-912582", "CSAFPID-912064", "CSAFPID-912583", "CSAFPID-912063", "CSAFPID-912584", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-912585", "CSAFPID-912096", "CSAFPID-912586", "CSAFPID-912099", "CSAFPID-912587", "CSAFPID-912098", "CSAFPID-912588", "CSAFPID-912097", "CSAFPID-912589", "CSAFPID-1503320", "CSAFPID-1503613", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-1503621", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2022-31160", }, { cve: "CVE-2023-34055", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-221109", "CSAFPID-221107", "CSAFPID-221106", "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-221110", "CSAFPID-221108", "CSAFPID-221105", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-344846", "CSAFPID-764256", "CSAFPID-764257", "CSAFPID-764259", "CSAFPID-764260", "CSAFPID-764261", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-764265", "CSAFPID-764266", "CSAFPID-764267", "CSAFPID-765266", "CSAFPID-816813", "CSAFPID-816814", "CSAFPID-816815", "CSAFPID-816816", "CSAFPID-816817", "CSAFPID-816818", "CSAFPID-816819", "CSAFPID-816820", "CSAFPID-816821", "CSAFPID-816822", "CSAFPID-816823", "CSAFPID-816824", "CSAFPID-816825", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-912062", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912095", "CSAFPID-912096", "CSAFPID-912097", "CSAFPID-912098", "CSAFPID-912099", "CSAFPID-912568", "CSAFPID-912569", "CSAFPID-912570", "CSAFPID-912571", "CSAFPID-912572", "CSAFPID-912573", "CSAFPID-912574", "CSAFPID-912575", "CSAFPID-912576", "CSAFPID-912577", "CSAFPID-912578", "CSAFPID-912579", "CSAFPID-912580", "CSAFPID-912581", "CSAFPID-912582", "CSAFPID-912583", "CSAFPID-912584", "CSAFPID-912585", "CSAFPID-912586", "CSAFPID-912587", "CSAFPID-912588", "CSAFPID-912589", "CSAFPID-1503320", "CSAFPID-1503613", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-1503621", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2023-34055", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34055.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-221109", "CSAFPID-221107", "CSAFPID-221106", "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-221110", "CSAFPID-221108", "CSAFPID-221105", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-344846", "CSAFPID-764256", "CSAFPID-764257", "CSAFPID-764259", "CSAFPID-764260", "CSAFPID-764261", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-764265", "CSAFPID-764266", "CSAFPID-764267", "CSAFPID-765266", "CSAFPID-816813", "CSAFPID-816814", "CSAFPID-816815", "CSAFPID-816816", "CSAFPID-816817", "CSAFPID-816818", "CSAFPID-816819", "CSAFPID-816820", "CSAFPID-816821", "CSAFPID-816822", "CSAFPID-816823", "CSAFPID-816824", "CSAFPID-816825", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-912062", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912095", "CSAFPID-912096", "CSAFPID-912097", "CSAFPID-912098", "CSAFPID-912099", "CSAFPID-912568", "CSAFPID-912569", "CSAFPID-912570", "CSAFPID-912571", "CSAFPID-912572", "CSAFPID-912573", "CSAFPID-912574", "CSAFPID-912575", "CSAFPID-912576", "CSAFPID-912577", "CSAFPID-912578", "CSAFPID-912579", "CSAFPID-912580", "CSAFPID-912581", "CSAFPID-912582", "CSAFPID-912583", "CSAFPID-912584", "CSAFPID-912585", "CSAFPID-912586", "CSAFPID-912587", "CSAFPID-912588", "CSAFPID-912589", "CSAFPID-1503320", "CSAFPID-1503613", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-1503621", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2023-34055", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1673398", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673398", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-50447", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", title: "CWE-95", }, ], product_status: { known_affected: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2023-50447", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50447.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2023-50447", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-0232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json", }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-2511", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, ], product_status: { known_affected: [ "CSAFPID-1673482", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-2511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673482", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2024-2511", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-1673520", "CSAFPID-1673521", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673520", "CSAFPID-1673521", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-21281", product_status: { known_affected: [ "CSAFPID-1673189", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-21281", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21281.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-1673189", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-21281", }, { cve: "CVE-2024-21284", product_status: { known_affected: [ "CSAFPID-1673190", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-21284", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21284.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673190", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-21284", }, { cve: "CVE-2024-21285", product_status: { known_affected: [ "CSAFPID-1673190", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-21285", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21285.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673190", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-21285", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-221102", "CSAFPID-221103", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-221102", "CSAFPID-221103", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-221107", "CSAFPID-221103", "CSAFPID-221106", "CSAFPID-221102", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-221107", "CSAFPID-221103", "CSAFPID-221106", "CSAFPID-221102", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-32007", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673498", "CSAFPID-1673499", "CSAFPID-1673500", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-32007", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32007.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673498", "CSAFPID-1673499", "CSAFPID-1673500", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-32007", }, { cve: "CVE-2024-32114", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "other", text: "Initialization of a Resource with an Insecure Default", title: "CWE-1188", }, ], product_status: { known_affected: [ "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-32114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2024-32114", }, { cve: "CVE-2024-43407", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-221102", "CSAFPID-221108", "CSAFPID-221107", "CSAFPID-221104", "CSAFPID-221103", "CSAFPID-221105", "CSAFPID-221101", "CSAFPID-221106", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-43407", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43407.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-221102", "CSAFPID-221108", "CSAFPID-221107", "CSAFPID-221104", "CSAFPID-221103", "CSAFPID-221105", "CSAFPID-221101", "CSAFPID-221106", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-43407", }, ], }
ncsc-2024-0416
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:18
Modified
2024-10-17 13:18
Summary
Kwetsbaarheden verholpen in Oracle Financial Services Applications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Financial Services Applications.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Cross-Site-Scripting (XSS)
- Denial-of-Service (DoS)
- Manipuleren van data
- Uitvoer van willekeurige code (Gebruikersrechten)
- Uitvoer van willekeurige code (Administratorrechten)
- Toegang tot gevoelige gegevens
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-1325
Improperly Controlled Sequential Memory Allocation
CWE-1188
Initialization of a Resource with an Insecure Default
CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-345
Insufficient Verification of Data Authenticity
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-404
Improper Resource Shutdown or Release
CWE-306
Missing Authentication for Critical Function
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-295
Improper Certificate Validation
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in Financial Services Applications.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Cross-Site-Scripting (XSS)\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, { category: "general", text: "Initialization of a Resource with an Insecure Default", title: "CWE-1188", }, { category: "general", text: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", title: "CWE-95", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Financial Services Applications", tracking: { current_release_date: "2024-10-17T13:18:45.385015Z", id: "NCSC-2024-0416", initial_release_date: "2024-10-17T13:18:45.385015Z", revision_history: [ { date: "2024-10-17T13:18:45.385015Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221114", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:18.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221111", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:18.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221109", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-816813", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221107", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221106", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-816814", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:21.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221103", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-816815", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-221102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-816816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_apis", product: { name: "banking_apis", product_id: "CSAFPID-94294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_apis:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-764256", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-1503320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912088", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912087", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912086", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912568", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:_reports___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:_reports___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_branch", product: { name: "banking_branch", product_id: "CSAFPID-912570", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_branch:_reports___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-764257", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-1503613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912091", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912090", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-220172", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-220168", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-1673521", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-1673498", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912571", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:_accessibility___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912572", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:_accessibility___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_cash_management", product: { name: "banking_cash_management", product_id: "CSAFPID-912573", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_cash_management:_accessibility___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_collections_and_recovery", product: { name: "banking_collections_and_recovery", product_id: "CSAFPID-816817", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_collections_and_recovery:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending", product: { name: "banking_corporate_lending", product_id: "CSAFPID-764258", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-764259", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503615", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503616", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-764260", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-1503618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-1503619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-1503620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_credit_facilities_process_management", product: { name: "banking_credit_facilities_process_management", product_id: "CSAFPID-220170", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_deposits_and_lines_of_credit_servicing", product: { name: "banking_deposits_and_lines_of_credit_servicing", product_id: "CSAFPID-912574", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_deposits_and_lines_of_credit_servicing", product: { name: "banking_deposits_and_lines_of_credit_servicing", product_id: "CSAFPID-611428", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_deposits_and_lines_of_credit_servicing", product: { name: "banking_deposits_and_lines_of_credit_servicing", product_id: "CSAFPID-387666", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:18.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-9129", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:18.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-9569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-816818", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-9611", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221108", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-9198", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221105", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-816819", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:21.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-94298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221104", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-816820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-94297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-221101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-816821", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_digital_experience", product: { name: "banking_digital_experience", product_id: "CSAFPID-94293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_digital_experience:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_electronic_data_exchange_for_corporates", product: { name: "banking_electronic_data_exchange_for_corporates", product_id: "CSAFPID-764261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_enterprise_default_management", product: { name: "banking_enterprise_default_management", product_id: "CSAFPID-816822", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_enterprise_default_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_enterprise_default_management", product: { name: "banking_enterprise_default_management", product_id: "CSAFPID-912575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_enterprise_default_management", product: { name: "banking_enterprise_default_management", product_id: "CSAFPID-912576", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_extensibility_workbench", product: { name: "banking_extensibility_workbench", product_id: "CSAFPID-816823", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_extensibility_workbench:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-764262", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912094", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0.12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-220156", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912093", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-764747", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.6.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-220154", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.6.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912092", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-764748", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-220152", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-816824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-220151", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673482", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673499", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:_common___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:_common___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:_common___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:_infrastructure___14.7.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_loans_servicing", product: { name: "banking_loans_servicing", product_id: "CSAFPID-912581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_loans_servicing", product: { name: "banking_loans_servicing", product_id: "CSAFPID-611718", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_loans_servicing:2.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-764263", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912064", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912063", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-224806", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912062", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-258398", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-220173", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:_basic_config_maintenances___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:_basic_config_maintenances___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:_basic_config_maintenances___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_party_management", product: { name: "banking_party_management", product_id: "CSAFPID-816825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_party_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_party_management", product: { name: "banking_party_management", product_id: "CSAFPID-912095", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_party_management:2.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_party_management", product: { name: "banking_party_management", product_id: "CSAFPID-387665", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_party_management:2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_payments", product: { name: "banking_payments", product_id: "CSAFPID-764264", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_payments", product: { name: "banking_payments", product_id: "CSAFPID-94387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_payments", product: { name: "banking_payments", product_id: "CSAFPID-220552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_payments:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_payments", product: { name: "banking_payments", product_id: "CSAFPID-220160", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_payments:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-912585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.12.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-204520", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-1503621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-9430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-912096", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_platform", product: { name: "banking_platform", product_id: "CSAFPID-9390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-764265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-220171", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:14.7.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-220169", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-1673520", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:14.7.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_supply_chain_finance", product: { name: "banking_supply_chain_finance", product_id: "CSAFPID-1673500", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_supply_chain_finance:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance", product: { name: "banking_trade_finance", product_id: "CSAFPID-631680", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance", product: { name: "banking_trade_finance", product_id: "CSAFPID-94386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance", product: { name: "banking_trade_finance", product_id: "CSAFPID-344967", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance", product: { name: "banking_trade_finance", product_id: "CSAFPID-220194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-764266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-220157", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-220155", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.6.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-220153", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.7.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_trade_finance_process_management", product: { name: "banking_trade_finance_process_management", product_id: "CSAFPID-220150", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.7.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_treasury_management", product: { name: "banking_treasury_management", product_id: "CSAFPID-764749", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_treasury_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_treasury_management", product: { name: "banking_treasury_management", product_id: "CSAFPID-94389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_treasury_management", product: { name: "banking_treasury_management", product_id: "CSAFPID-220553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_treasury_management:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_treasury_management", product: { name: "banking_treasury_management", product_id: "CSAFPID-220195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_treasury_management:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-764267", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912099", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-180211", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912098", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-201568", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912097", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-201569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:14.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:_common_core___14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:_common_core___14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_virtual_account_management", product: { name: "banking_virtual_account_management", product_id: "CSAFPID-912588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_virtual_account_management:_common_core___14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9711", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9522", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345043", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-8848", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345042", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-93309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-93305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189064", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189063", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_reconciliation_framework", product: { name: "financial_services_analytical_applications_reconciliation_framework", product_id: "CSAFPID-363146", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.0.7.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_reconciliation_framework", product: { name: "financial_services_analytical_applications_reconciliation_framework", product_id: "CSAFPID-363129", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.1.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674656", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674663", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674659", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.5.0.12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674662", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674666", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.7.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674664", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.7.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674658", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:19.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674668", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:21.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674669", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:22.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674667", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:22.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674655", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:3.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674657", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:4.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674660", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:5.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674654", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_applications", product: { name: "financial_services_applications", product_id: "CSAFPID-1674665", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_applications:8.1.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_asset_liability_management", product: { name: "financial_services_asset_liability_management", product_id: "CSAFPID-363142", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_balance_computation_engine", product: { name: "financial_services_balance_computation_engine", product_id: "CSAFPID-363130", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_balance_computation_engine:8.1.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_balance_sheet_planning", product: { name: "financial_services_balance_sheet_planning", product_id: "CSAFPID-363135", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-189067", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-345041", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-816828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-1503630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_cash_flow_engine", product: { name: "financial_services_cash_flow_engine", product_id: "CSAFPID-764273", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_cash_flow_engine:8.1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-345047", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-816829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1673398", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_crime_and_compliance_management_studio", product: { name: "financial_services_crime_and_compliance_management_studio", product_id: "CSAFPID-391382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.0.8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.2.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_governance_for_us_regulatory_reporting", product: { name: "financial_services_data_governance_for_us_regulatory_reporting", product_id: "CSAFPID-363128", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_governance_for_us_regulatory_reporting", product: { name: "financial_services_data_governance_for_us_regulatory_reporting", product_id: "CSAFPID-363127", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:8.1.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363144", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363131", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363126", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product: { name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product_id: "CSAFPID-363143", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_deposit_insurance_calculations_for_liquidity_risk_management:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product: { name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product_id: "CSAFPID-363133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_deposit_insurance_calculations_for_liquidity_risk_management:8.0.8.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-180190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-345040", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-816830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_financial_performance_analytics", product: { name: "financial_services_enterprise_financial_performance_analytics", product_id: "CSAFPID-363141", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_funds_transfer_pricing", product: { name: "financial_services_funds_transfer_pricing", product_id: "CSAFPID-363138", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_institutional_performance_analytics", product: { name: "financial_services_institutional_performance_analytics", product_id: "CSAFPID-363136", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_lending_and_leasing", product: { name: "financial_services_lending_and_leasing", product_id: "CSAFPID-816831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_liquidity_risk_measurement_and_management", product: { name: "financial_services_liquidity_risk_measurement_and_management", product_id: "CSAFPID-363145", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_liquidity_risk_measurement_and_management", product: { name: "financial_services_liquidity_risk_measurement_and_management", product_id: "CSAFPID-363132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_loan_loss_forecasting_and_provisioning", product: { name: "financial_services_loan_loss_forecasting_and_provisioning", product_id: "CSAFPID-363140", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_loan_loss_forecasting_and_provisioning", product: { name: "financial_services_loan_loss_forecasting_and_provisioning", product_id: "CSAFPID-363134", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-396508", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-396507", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_profitability_management", product: { name: "financial_services_profitability_management", product_id: "CSAFPID-363139", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting_with_agilereporter", product: { name: "financial_services_regulatory_reporting_with_agilereporter", product_id: "CSAFPID-611433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.1.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_retail_performance_analytics", product: { name: "financial_services_retail_performance_analytics", product_id: "CSAFPID-363137", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-344846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8.0.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-31160", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-9390", "CSAFPID-204520", "CSAFPID-94302", "CSAFPID-94301", "CSAFPID-94300", "CSAFPID-94299", "CSAFPID-94296", "CSAFPID-94294", "CSAFPID-764256", "CSAFPID-764257", "CSAFPID-764258", "CSAFPID-764259", "CSAFPID-764260", "CSAFPID-611428", "CSAFPID-387666", "CSAFPID-9569", "CSAFPID-9611", "CSAFPID-9198", "CSAFPID-94298", "CSAFPID-94297", "CSAFPID-94293", "CSAFPID-764261", "CSAFPID-764262", "CSAFPID-611718", "CSAFPID-764263", "CSAFPID-387665", "CSAFPID-764264", "CSAFPID-9430", "CSAFPID-764265", "CSAFPID-631680", "CSAFPID-764266", "CSAFPID-764267", "CSAFPID-764273", "CSAFPID-611392", "CSAFPID-611391", "CSAFPID-221114", "CSAFPID-221111", "CSAFPID-221109", "CSAFPID-221107", "CSAFPID-221106", "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-220172", "CSAFPID-220168", "CSAFPID-220170", "CSAFPID-221113", "CSAFPID-221112", "CSAFPID-221110", "CSAFPID-221108", "CSAFPID-221105", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-220156", "CSAFPID-764747", "CSAFPID-220154", "CSAFPID-764748", "CSAFPID-220152", "CSAFPID-220151", "CSAFPID-224806", "CSAFPID-220173", "CSAFPID-258398", "CSAFPID-220171", "CSAFPID-220169", "CSAFPID-220157", "CSAFPID-220155", "CSAFPID-220153", "CSAFPID-220150", "CSAFPID-764749", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-219772", "CSAFPID-219770", "CSAFPID-345047", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-219773", "CSAFPID-219771", "CSAFPID-189064", "CSAFPID-189063", "CSAFPID-363146", "CSAFPID-363129", "CSAFPID-363142", "CSAFPID-363130", "CSAFPID-363135", "CSAFPID-345041", "CSAFPID-391382", "CSAFPID-493291", "CSAFPID-493290", "CSAFPID-493289", "CSAFPID-493288", "CSAFPID-363128", "CSAFPID-363127", "CSAFPID-363144", "CSAFPID-363131", "CSAFPID-363126", "CSAFPID-363143", "CSAFPID-363133", "CSAFPID-345040", "CSAFPID-363141", "CSAFPID-363138", "CSAFPID-363136", "CSAFPID-363145", "CSAFPID-363132", "CSAFPID-363140", "CSAFPID-363134", "CSAFPID-396508", "CSAFPID-396507", "CSAFPID-363139", "CSAFPID-570314", "CSAFPID-570313", "CSAFPID-570312", "CSAFPID-94303", "CSAFPID-9129", "CSAFPID-94387", "CSAFPID-220552", "CSAFPID-220160", "CSAFPID-94386", "CSAFPID-344967", "CSAFPID-220194", "CSAFPID-94389", "CSAFPID-220553", "CSAFPID-220195", "CSAFPID-180211", "CSAFPID-201568", "CSAFPID-201569", "CSAFPID-345045", "CSAFPID-345044", "CSAFPID-345043", "CSAFPID-345042", "CSAFPID-93309", "CSAFPID-93305", "CSAFPID-570311", "CSAFPID-611433", "CSAFPID-363137", "CSAFPID-219833", "CSAFPID-344846", "CSAFPID-816813", "CSAFPID-816814", "CSAFPID-816815", "CSAFPID-816816", "CSAFPID-816817", "CSAFPID-816818", "CSAFPID-816819", "CSAFPID-816820", "CSAFPID-816821", "CSAFPID-816822", "CSAFPID-816823", "CSAFPID-816824", "CSAFPID-816825", "CSAFPID-9522", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-765266", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-912568", "CSAFPID-912088", "CSAFPID-912569", "CSAFPID-912087", "CSAFPID-912570", "CSAFPID-912086", "CSAFPID-912571", "CSAFPID-912091", "CSAFPID-912572", "CSAFPID-912090", "CSAFPID-912573", "CSAFPID-912089", "CSAFPID-912574", "CSAFPID-912575", "CSAFPID-912576", "CSAFPID-912577", "CSAFPID-912094", "CSAFPID-912578", "CSAFPID-912093", "CSAFPID-912579", "CSAFPID-912092", "CSAFPID-912580", "CSAFPID-912581", "CSAFPID-912582", "CSAFPID-912064", "CSAFPID-912583", "CSAFPID-912063", "CSAFPID-912584", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-912585", "CSAFPID-912096", "CSAFPID-912586", "CSAFPID-912099", "CSAFPID-912587", "CSAFPID-912098", "CSAFPID-912588", "CSAFPID-912097", "CSAFPID-912589", "CSAFPID-1503320", "CSAFPID-1503613", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-1503621", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2022-31160", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-31160.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-9390", "CSAFPID-204520", "CSAFPID-94302", "CSAFPID-94301", "CSAFPID-94300", "CSAFPID-94299", "CSAFPID-94296", "CSAFPID-94294", "CSAFPID-764256", "CSAFPID-764257", "CSAFPID-764258", "CSAFPID-764259", "CSAFPID-764260", "CSAFPID-611428", "CSAFPID-387666", "CSAFPID-9569", "CSAFPID-9611", "CSAFPID-9198", "CSAFPID-94298", "CSAFPID-94297", "CSAFPID-94293", "CSAFPID-764261", "CSAFPID-764262", "CSAFPID-611718", "CSAFPID-764263", "CSAFPID-387665", "CSAFPID-764264", "CSAFPID-9430", "CSAFPID-764265", "CSAFPID-631680", "CSAFPID-764266", "CSAFPID-764267", "CSAFPID-764273", "CSAFPID-611392", "CSAFPID-611391", "CSAFPID-221114", "CSAFPID-221111", "CSAFPID-221109", "CSAFPID-221107", "CSAFPID-221106", "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-220172", "CSAFPID-220168", "CSAFPID-220170", "CSAFPID-221113", "CSAFPID-221112", "CSAFPID-221110", "CSAFPID-221108", "CSAFPID-221105", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-220156", "CSAFPID-764747", "CSAFPID-220154", "CSAFPID-764748", "CSAFPID-220152", "CSAFPID-220151", "CSAFPID-224806", "CSAFPID-220173", "CSAFPID-258398", "CSAFPID-220171", "CSAFPID-220169", "CSAFPID-220157", "CSAFPID-220155", "CSAFPID-220153", "CSAFPID-220150", "CSAFPID-764749", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-219772", "CSAFPID-219770", "CSAFPID-345047", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-219773", "CSAFPID-219771", "CSAFPID-189064", "CSAFPID-189063", "CSAFPID-363146", "CSAFPID-363129", "CSAFPID-363142", "CSAFPID-363130", "CSAFPID-363135", "CSAFPID-345041", "CSAFPID-391382", "CSAFPID-493291", "CSAFPID-493290", "CSAFPID-493289", "CSAFPID-493288", "CSAFPID-363128", "CSAFPID-363127", "CSAFPID-363144", "CSAFPID-363131", "CSAFPID-363126", "CSAFPID-363143", "CSAFPID-363133", "CSAFPID-345040", "CSAFPID-363141", "CSAFPID-363138", "CSAFPID-363136", "CSAFPID-363145", "CSAFPID-363132", "CSAFPID-363140", "CSAFPID-363134", "CSAFPID-396508", "CSAFPID-396507", "CSAFPID-363139", "CSAFPID-570314", "CSAFPID-570313", "CSAFPID-570312", "CSAFPID-94303", "CSAFPID-9129", "CSAFPID-94387", "CSAFPID-220552", "CSAFPID-220160", "CSAFPID-94386", "CSAFPID-344967", "CSAFPID-220194", "CSAFPID-94389", "CSAFPID-220553", "CSAFPID-220195", "CSAFPID-180211", "CSAFPID-201568", "CSAFPID-201569", "CSAFPID-345045", "CSAFPID-345044", "CSAFPID-345043", "CSAFPID-345042", "CSAFPID-93309", "CSAFPID-93305", "CSAFPID-570311", "CSAFPID-611433", "CSAFPID-363137", "CSAFPID-219833", "CSAFPID-344846", "CSAFPID-816813", "CSAFPID-816814", "CSAFPID-816815", "CSAFPID-816816", "CSAFPID-816817", "CSAFPID-816818", "CSAFPID-816819", "CSAFPID-816820", "CSAFPID-816821", "CSAFPID-816822", "CSAFPID-816823", "CSAFPID-816824", "CSAFPID-816825", "CSAFPID-9522", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-765266", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-912568", "CSAFPID-912088", "CSAFPID-912569", "CSAFPID-912087", "CSAFPID-912570", "CSAFPID-912086", "CSAFPID-912571", "CSAFPID-912091", "CSAFPID-912572", "CSAFPID-912090", "CSAFPID-912573", "CSAFPID-912089", "CSAFPID-912574", "CSAFPID-912575", "CSAFPID-912576", "CSAFPID-912577", "CSAFPID-912094", "CSAFPID-912578", "CSAFPID-912093", "CSAFPID-912579", "CSAFPID-912092", "CSAFPID-912580", "CSAFPID-912581", "CSAFPID-912582", "CSAFPID-912064", "CSAFPID-912583", "CSAFPID-912063", "CSAFPID-912584", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-912585", "CSAFPID-912096", "CSAFPID-912586", "CSAFPID-912099", "CSAFPID-912587", "CSAFPID-912098", "CSAFPID-912588", "CSAFPID-912097", "CSAFPID-912589", "CSAFPID-1503320", "CSAFPID-1503613", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-1503621", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2022-31160", }, { cve: "CVE-2023-34055", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-221109", "CSAFPID-221107", "CSAFPID-221106", "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-221110", "CSAFPID-221108", "CSAFPID-221105", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-344846", "CSAFPID-764256", "CSAFPID-764257", "CSAFPID-764259", "CSAFPID-764260", "CSAFPID-764261", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-764265", "CSAFPID-764266", "CSAFPID-764267", "CSAFPID-765266", "CSAFPID-816813", "CSAFPID-816814", "CSAFPID-816815", "CSAFPID-816816", "CSAFPID-816817", "CSAFPID-816818", "CSAFPID-816819", "CSAFPID-816820", "CSAFPID-816821", "CSAFPID-816822", "CSAFPID-816823", "CSAFPID-816824", "CSAFPID-816825", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-912062", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912095", "CSAFPID-912096", "CSAFPID-912097", "CSAFPID-912098", "CSAFPID-912099", "CSAFPID-912568", "CSAFPID-912569", "CSAFPID-912570", "CSAFPID-912571", "CSAFPID-912572", "CSAFPID-912573", "CSAFPID-912574", "CSAFPID-912575", "CSAFPID-912576", "CSAFPID-912577", "CSAFPID-912578", "CSAFPID-912579", "CSAFPID-912580", "CSAFPID-912581", "CSAFPID-912582", "CSAFPID-912583", "CSAFPID-912584", "CSAFPID-912585", "CSAFPID-912586", "CSAFPID-912587", "CSAFPID-912588", "CSAFPID-912589", "CSAFPID-1503320", "CSAFPID-1503613", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-1503621", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2023-34055", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34055.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-221109", "CSAFPID-221107", "CSAFPID-221106", "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-221110", "CSAFPID-221108", "CSAFPID-221105", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-344846", "CSAFPID-764256", "CSAFPID-764257", "CSAFPID-764259", "CSAFPID-764260", "CSAFPID-764261", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-764265", "CSAFPID-764266", "CSAFPID-764267", "CSAFPID-765266", "CSAFPID-816813", "CSAFPID-816814", "CSAFPID-816815", "CSAFPID-816816", "CSAFPID-816817", "CSAFPID-816818", "CSAFPID-816819", "CSAFPID-816820", "CSAFPID-816821", "CSAFPID-816822", "CSAFPID-816823", "CSAFPID-816824", "CSAFPID-816825", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-912062", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912095", "CSAFPID-912096", "CSAFPID-912097", "CSAFPID-912098", "CSAFPID-912099", "CSAFPID-912568", "CSAFPID-912569", "CSAFPID-912570", "CSAFPID-912571", "CSAFPID-912572", "CSAFPID-912573", "CSAFPID-912574", "CSAFPID-912575", "CSAFPID-912576", "CSAFPID-912577", "CSAFPID-912578", "CSAFPID-912579", "CSAFPID-912580", "CSAFPID-912581", "CSAFPID-912582", "CSAFPID-912583", "CSAFPID-912584", "CSAFPID-912585", "CSAFPID-912586", "CSAFPID-912587", "CSAFPID-912588", "CSAFPID-912589", "CSAFPID-1503320", "CSAFPID-1503613", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-1503621", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2023-34055", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1673398", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673398", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-50447", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", title: "CWE-95", }, ], product_status: { known_affected: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2023-50447", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50447.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2023-50447", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1673398", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-0232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json", }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-2511", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, ], product_status: { known_affected: [ "CSAFPID-1673482", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-2511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673482", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2024-2511", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-1673520", "CSAFPID-1673521", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673520", "CSAFPID-1673521", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-21281", product_status: { known_affected: [ "CSAFPID-1673189", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-21281", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21281.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-1673189", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-21281", }, { cve: "CVE-2024-21284", product_status: { known_affected: [ "CSAFPID-1673190", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-21284", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21284.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673190", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-21284", }, { cve: "CVE-2024-21285", product_status: { known_affected: [ "CSAFPID-1673190", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-21285", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21285.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673190", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-21285", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-221102", "CSAFPID-221103", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-221102", "CSAFPID-221103", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-221107", "CSAFPID-221103", "CSAFPID-221106", "CSAFPID-221102", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-221107", "CSAFPID-221103", "CSAFPID-221106", "CSAFPID-221102", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-32007", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673498", "CSAFPID-1673499", "CSAFPID-1673500", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-32007", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32007.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673498", "CSAFPID-1673499", "CSAFPID-1673500", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-32007", }, { cve: "CVE-2024-32114", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "other", text: "Initialization of a Resource with an Insecure Default", title: "CWE-1188", }, ], product_status: { known_affected: [ "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-32114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-221103", "CSAFPID-221102", "CSAFPID-221104", "CSAFPID-221101", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", "CSAFPID-1503320", "CSAFPID-912088", "CSAFPID-912087", "CSAFPID-912086", "CSAFPID-1503613", "CSAFPID-912091", "CSAFPID-912090", "CSAFPID-912089", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503618", "CSAFPID-1503619", "CSAFPID-1503620", "CSAFPID-912574", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912095", "CSAFPID-1503621", "CSAFPID-912099", "CSAFPID-912098", "CSAFPID-912097", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", ], }, ], title: "CVE-2024-32114", }, { cve: "CVE-2024-43407", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-221102", "CSAFPID-221108", "CSAFPID-221107", "CSAFPID-221104", "CSAFPID-221103", "CSAFPID-221105", "CSAFPID-221101", "CSAFPID-221106", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, references: [ { category: "self", summary: "CVE-2024-43407", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43407.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-221102", "CSAFPID-221108", "CSAFPID-221107", "CSAFPID-221104", "CSAFPID-221103", "CSAFPID-221105", "CSAFPID-221101", "CSAFPID-221106", "CSAFPID-1674653", "CSAFPID-1674654", "CSAFPID-1674655", "CSAFPID-1674656", "CSAFPID-1674657", "CSAFPID-1674658", "CSAFPID-1674659", "CSAFPID-1674660", "CSAFPID-1674661", "CSAFPID-1674662", "CSAFPID-1674663", "CSAFPID-1674664", "CSAFPID-1674665", "CSAFPID-1674666", "CSAFPID-1674667", "CSAFPID-1674668", "CSAFPID-1674669", ], }, ], title: "CVE-2024-43407", }, ], }
wid-sec-w-2024-3192
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2024-10-15 22:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3192 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3192.json", }, { category: "self", summary: "WID-SEC-2024-3192 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3192", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Financial Services Applications vom 2024-10-15", url: "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixIFLX", }, ], source_lang: "en-US", title: "Oracle Financial Services Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-15T22:00:00.000+00:00", generator: { date: "2024-10-16T10:12:34.165+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3192", initial_release_date: "2024-10-15T22:00:00.000+00:00", revision_history: [ { date: "2024-10-15T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "4.0.0.0.0", product: { name: "Oracle Financial Services Applications 4.0.0.0.0", product_id: "T023933", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:4.0.0.0.0", }, }, }, { category: "product_version", name: "19.2.0.0.0", product: { name: "Oracle Financial Services Applications 19.2.0.0.0", product_id: "T028694", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.2.0.0.0", }, }, }, { category: "product_version", name: "21.1.0.0.0", product: { name: "Oracle Financial Services Applications 21.1.0.0.0", product_id: "T028695", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:21.1.0.0.0", }, }, }, { category: "product_version", name: "22.1.0.0.0", product: { name: "Oracle Financial Services Applications 22.1.0.0.0", product_id: "T028696", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.1.0.0.0", }, }, }, { category: "product_version", name: "22.2.0.0.0", product: { name: "Oracle Financial Services Applications 22.2.0.0.0", product_id: "T028697", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.2.0.0.0", }, }, }, { category: "product_version", name: "14.7.0.0.0", product: { name: "Oracle Financial Services Applications 14.7.0.0.0", product_id: "T028702", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.0.0", }, }, }, { category: "product_version", name: "14.5.0.0.0", product: { name: "Oracle Financial Services Applications 14.5.0.0.0", product_id: "T034160", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.5.0.0.0", }, }, }, { category: "product_version", name: "14.6.0.0.0", product: { name: "Oracle Financial Services Applications 14.6.0.0.0", product_id: "T034161", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.6.0.0.0", }, }, }, { category: "product_version", name: "3.0.0.0.0", product: { name: "Oracle Financial Services Applications 3.0.0.0.0", product_id: "T034165", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:3.0.0.0.0", }, }, }, { category: "product_version", name: "14.4.0.0.0", product: { name: "Oracle Financial Services Applications 14.4.0.0.0", product_id: "T036215", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.4.0.0.0", }, }, }, { category: "product_version", name: "8.1.2.7", product: { name: "Oracle Financial Services Applications 8.1.2.7", product_id: "T036217", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.7", }, }, }, { category: "product_version", name: "14.7.4.0.0", product: { name: "Oracle Financial Services Applications 14.7.4.0.0", product_id: "T038391", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.4.0.0", }, }, }, { category: "product_version", name: "8.1.2.8", product: { name: "Oracle Financial Services Applications 8.1.2.8", product_id: "T038392", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.8", }, }, }, { category: "product_version", name: "14.7.5.0.0", product: { name: "Oracle Financial Services Applications 14.7.5.0.0", product_id: "T038393", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.5.0.0", }, }, }, { category: "product_version", name: "14.5.0.12.0", product: { name: "Oracle Financial Services Applications 14.5.0.12.0", product_id: "T038394", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.5.0.12.0", }, }, }, { category: "product_version", name: "5.0.0.0.0", product: { name: "Oracle Financial Services Applications 5.0.0.0.0", product_id: "T038395", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:5.0.0.0.0", }, }, }, { category: "product_version", name: "14.7.0.6.0", product: { name: "Oracle Financial Services Applications 14.7.0.6.0", product_id: "T038396", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.6.0", }, }, }, ], category: "product_name", name: "Financial Services Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2023-34055", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-34055", }, { cve: "CVE-2023-50447", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-50447", }, { cve: "CVE-2024-0232", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-0232", }, { cve: "CVE-2024-21281", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-21281", }, { cve: "CVE-2024-21284", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-21284", }, { cve: "CVE-2024-21285", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-21285", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-2511", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-2511", }, { cve: "CVE-2024-29025", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29025", }, { cve: "CVE-2024-32007", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-32007", }, { cve: "CVE-2024-32114", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-32114", }, { cve: "CVE-2024-43407", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-43407", }, { cve: "CVE-2024-5535", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028694", "T036217", "T034165", "T036215", "T023933", "T038393", "T038394", "T038395", "T038396", "T034161", "T034160", "T038391", "T038392", "T028702", "T028697", "T028695", "T028696", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-5535", }, ], }
wid-sec-w-2024-1678
Vulnerability from csaf_certbund
Published
2024-07-18 22:00
Modified
2024-11-17 23:00
Summary
Apache CXF: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache CXF ist ein Open Source-Web Service-Framework.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Apache CXF ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache CXF ist ein Open Source-Web Service-Framework.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Apache CXF ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen.", title: "Angriff", }, { category: "general", text: "- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1678 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1678.json", }, { category: "self", summary: "WID-SEC-2024-1678 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1678", }, { category: "external", summary: "Apache Security Advisory vom 2024-07-18", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-29736.txt?version=1&modificationDate=1721314668000&api=v2", }, { category: "external", summary: "Apache Security Advisory vom 2024-07-18", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-32007.txt?version=1&modificationDate=1721314761000&api=v2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6508 vom 2024-09-10", url: "https://access.redhat.com/errata/RHSA-2024:6508", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6508 vom 2024-09-10", url: "https://rhn.redhat.com/errata/RHSA-2024:6508.html", }, { category: "external", summary: "Atlassian Security Bulletin - September 17 2024", url: "https://confluence.atlassian.com/security/security-bulletin-september-17-2024-1431249025.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6883 vom 2024-09-19", url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7052 vom 2024-09-24", url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8823 vom 2024-11-04", url: "https://access.redhat.com/errata/RHSA-2024:8823", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8824 vom 2024-11-04", url: "https://access.redhat.com/errata/RHSA-2024:8824", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8826 vom 2024-11-04", url: "https://access.redhat.com/errata/RHSA-2024:8826", }, { category: "external", summary: "NetApp Security Advisory NTAP-20241115-0003 vom 2024-11-15", url: "https://security.netapp.com/advisory/ntap-20241115-0003/", }, ], source_lang: "en-US", title: "Apache CXF: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-17T23:00:00.000+00:00", generator: { date: "2024-11-18T10:04:48.186+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-1678", initial_release_date: "2024-07-18T22:00:00.000+00:00", revision_history: [ { date: "2024-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-09-09T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-17T22:00:00.000+00:00", number: "3", summary: "Neue Updates aufgenommen", }, { date: "2024-09-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-24T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-04T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-17T23:00:00.000+00:00", number: "7", summary: "Neue Updates von NetApp aufgenommen", }, ], status: "final", version: "7", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<3.5.9", product: { name: "Apache CXF <3.5.9", product_id: "T036367", }, }, { category: "product_version", name: "3.5.9", product: { name: "Apache CXF 3.5.9", product_id: "T036367-fixed", product_identification_helper: { cpe: "cpe:/a:apache:cxf:3.5.9", }, }, }, { category: "product_version_range", name: "<3.6.4", product: { name: "Apache CXF <3.6.4", product_id: "T036368", }, }, { category: "product_version", name: "3.6.4", product: { name: "Apache CXF 3.6.4", product_id: "T036368-fixed", product_identification_helper: { cpe: "cpe:/a:apache:cxf:3.6.4", }, }, }, { category: "product_version_range", name: "<4.0.5", product: { name: "Apache CXF <4.0.5", product_id: "T036369", }, }, { category: "product_version", name: "4.0.5", product: { name: "Apache CXF 4.0.5", product_id: "T036369-fixed", product_identification_helper: { cpe: "cpe:/a:apache:cxf:4.0.5", }, }, }, ], category: "product_name", name: "CXF", }, ], category: "vendor", name: "Apache", }, { branches: [ { branches: [ { category: "product_version_range", name: "<9.0.0", product: { name: "Atlassian Bitbucket <9.0.0", product_id: "T037684", }, }, { category: "product_version", name: "9.0.0", product: { name: "Atlassian Bitbucket 9.0.0", product_id: "T037684-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bitbucket:9.0.0", }, }, }, { category: "product_version_range", name: "<8.9.19", product: { name: "Atlassian Bitbucket <8.9.19", product_id: "T037685", }, }, { category: "product_version", name: "8.9.19", product: { name: "Atlassian Bitbucket 8.9.19", product_id: "T037685-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bitbucket:8.9.19", }, }, }, { category: "product_version_range", name: "<8.19.9", product: { name: "Atlassian Bitbucket <8.19.9", product_id: "T037686", }, }, { category: "product_version", name: "8.19.9", product: { name: "Atlassian Bitbucket 8.19.9", product_id: "T037686-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bitbucket:8.19.9", }, }, }, ], category: "product_name", name: "Bitbucket", }, ], category: "vendor", name: "Atlassian", }, { branches: [ { category: "product_name", name: "NetApp ActiveIQ Unified Manager", product: { name: "NetApp ActiveIQ Unified Manager", product_id: "T034126", product_identification_helper: { cpe: "cpe:/a:netapp:active_iq_unified_manager:-", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-29736", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in der WADL-Dienstbeschreibungsfunktion in Apache CXF aufgrund einer serverseitigen Anforderungsfälschung. Durch das Senden einer bösartigen Anfrage, die einen speziell gestalteten Stylesheet-Parameter enthält, kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um nicht autorisierte Anfragen an interne oder externe Dienste zu stellen und so eine Datenexfiltration durchzuführen.", }, ], product_status: { known_affected: [ "T034126", "67646", "T037686", "T036367", "T036368", "T036369", "T037684", "T037685", ], }, release_date: "2024-07-18T22:00:00.000+00:00", title: "CVE-2024-29736", }, { cve: "CVE-2024-32007", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apache CXF. Diese Fehler bestehen in den Komponenten Jose und HTTPClient aufgrund eines unkontrollierten Speicherverbrauchs und einer unsachgemäßen Eingabeneutralisierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T034126", "67646", "T037686", "T036367", "T036368", "T036369", "T037684", "T037685", ], }, release_date: "2024-07-18T22:00:00.000+00:00", title: "CVE-2024-32007", }, { cve: "CVE-2024-41172", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apache CXF. Diese Fehler bestehen in den Komponenten Jose und HTTPClient aufgrund eines unkontrollierten Speicherverbrauchs und einer unsachgemäßen Eingabeneutralisierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T034126", "67646", "T037686", "T036367", "T036368", "T036369", "T037684", "T037685", ], }, release_date: "2024-07-18T22:00:00.000+00:00", title: "CVE-2024-41172", }, ], }
fkie_cve-2024-32007
Vulnerability from fkie_nvd
Published
2024-07-19 09:15
Modified
2024-11-21 09:14
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", matchCriteriaId: "BF0BA29F-721E-4599-A7AC-32DAC5AB44D5", versionEndExcluding: "3.5.9", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", matchCriteriaId: "7D6F6603-DD23-4DD5-8B90-0BAB0EB7E1D1", versionEndExcluding: "3.6.4", versionStartIncluding: "3.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", matchCriteriaId: "ACAFECF5-75A5-4397-A588-F51D09717335", versionEndExcluding: "4.0.5", versionStartIncluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. \n", }, { lang: "es", value: " Una validación de entrada incorrecta del parámetro p2c en el código Apache CXF JOSE anterior a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar un ataque de denegación de servicio especificando un valor grande para este parámetro en un token.", }, ], id: "CVE-2024-32007", lastModified: "2024-11-21T09:14:20.010", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-19T09:15:04.713", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/18/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240808-0009/", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-400", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
rhsa-2024:6883
Vulnerability from csaf_redhat
Published
2024-09-19 16:46
Modified
2025-03-05 22:39
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)
* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)
* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
* org.apache.cxf/cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter (CVE-2024-29736)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE (CVE-2024-32007)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)\n\n* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)\n\n* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)\n\n* org.apache.cxf/cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter (CVE-2024-29736)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE (CVE-2024-32007)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6883", url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2292211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2292211", }, { category: "external", summary: "2298827", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298827", }, { category: "external", summary: "2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6883.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.", tracking: { current_release_date: "2025-03-05T22:39:06+00:00", generator: { date: "2025-03-05T22:39:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.0", }, }, id: "RHSA-2024:6883", initial_release_date: "2024-09-19T16:46:46+00:00", revision_history: [ { date: "2024-09-19T16:46:46+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-19T16:46:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-05T22:39:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product: { name: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product_id: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product_identification_helper: { cpe: "cpe:/a:redhat:apache_camel_spring_boot:3.20.7", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-04T17:02:58.468000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309764", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Nimbus Jose JWT package. This issue could allow an attacker to use a malicious large JWE p2c header value for PasswordBasedDecrypter and cause a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-52428", }, { category: "external", summary: "RHBZ#2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-52428", url: "https://www.cve.org/CVERecord?id=CVE-2023-52428", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, ], release_date: "2024-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2024-06-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2292211", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.", title: "Vulnerability description", }, { category: "summary", text: "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket", title: "Vulnerability summary", }, { category: "other", text: "The identified vulnerability in Undertow, where chunked responses fail to terminate properly under Java 17 with TLSv1.3, represents a significant security concern due to its potential for uncontrolled resource consumption and denial of service (DoS) attacks. This issue arises from Undertow's mishandling of chunked response termination after initial data flushing, leading to clients waiting indefinitely for completion signals that are not sent. Such behavior could be exploited by malicious actors to exhaust server resources, resulting in service degradation or unavailability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-5971", }, { category: "external", summary: "RHBZ#2292211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2292211", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-5971", url: "https://www.cve.org/CVERecord?id=CVE-2024-5971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-5971", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-5971", }, ], release_date: "2024-07-08T20:46:55+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket", }, { acknowledgments: [ { names: [ "BfC", ], }, ], cve: "CVE-2024-7885", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2024-08-16T09:00:41.686000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2305290", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", title: "Vulnerability summary", }, { category: "other", text: "Red Hat decided to rate this vulnerability as Important because of the potential loss of Availability and no additional privileges being required.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7885", }, { category: "external", summary: "RHBZ#2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7885", url: "https://www.cve.org/CVERecord?id=CVE-2024-7885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", }, ], release_date: "2024-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-07-19T09:20:09+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298827", }, ], notes: [ { category: "description", text: "A Server-side request forgery (SSRF) vulnerability was found in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter", title: "Vulnerability summary", }, { category: "other", text: "This SSRF vulnerability in Apache CXF's WADL service description is of significant severity because it allows an attacker to manipulate server-side requests, potentially leading to unauthorized access to internal resources. By exploiting this flaw, an attacker can craft malicious requests that bypass traditional security controls, enabling the server to communicate with internal systems, which may include databases, cloud services, or other sensitive infrastructure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29736", }, { category: "external", summary: "RHBZ#2298827", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298827", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29736", url: "https://www.cve.org/CVERecord?id=CVE-2024-29736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29736", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29736", }, { category: "external", summary: "https://github.com/advisories/GHSA-5m3j-pxh7-455p", url: "https://github.com/advisories/GHSA-5m3j-pxh7-455p", }, { category: "external", summary: "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2", url: "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2", }, { category: "external", summary: "https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p", url: "https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter", }, { cve: "CVE-2024-32007", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298828", }, ], notes: [ { category: "description", text: "An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", title: "Vulnerability summary", }, { category: "other", text: "The improper input validation vulnerability in the p2c parameter of Apache CXF JOSE is considered a moderate severity issue rather than a important one due to its limited scope and impact. While the flaw allows an attacker to specify a large value for the p2c parameter, leading to potential denial of service (DoS) attacks by causing excessive computational overhead, it does not compromise data integrity, confidentiality, or authentication mechanisms directly. The attack vector primarily affects system availability and exploiting this vulnerability requires the ability to send crafted tokens.\n\nBase EAP (7.4 and 8) and EAP XP (4 and 5) do not ship this affected CXF jaxrs artifact. cxf-rt-rs-security-jose is part of CXF's JAX-RS, and EAP uses RESTEasy, hence it's not-affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "RHBZ#2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32007", url: "https://www.cve.org/CVERecord?id=CVE-2024-32007", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", }, { category: "external", summary: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", url: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", }, { category: "external", summary: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, ], }
rhsa-2024_7052
Vulnerability from csaf_redhat
Published
2024-09-24 12:51
Modified
2024-12-17 14:23
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA)
Notes
Topic
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Details
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in
* CVE-2024-8391 io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size
* CVE-2024-8391 io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size
* CVE-2024-32007 org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE
* CVE-2024-41172 org.apache.cxf/cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients
* CVE-2024-35255 com.azure/azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.", title: "Topic", }, { category: "general", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in \n* CVE-2024-8391 io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size\n* CVE-2024-8391 io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size\n* CVE-2024-32007 org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE\n* CVE-2024-41172 org.apache.cxf/cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients\n* CVE-2024-35255 com.azure/azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7052", url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45294", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-8391", url: "https://access.redhat.com/security/cve/CVE-2024-8391", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-32007", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-41172", url: "https://access.redhat.com/security/cve/CVE-2024-41172", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-35255", url: "https://access.redhat.com/security/cve/CVE-2024-35255", }, { category: "external", summary: "2295081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295081", }, { category: "external", summary: "2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "2298829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298829", }, { category: "external", summary: "2309758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309758", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7052.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA)", tracking: { current_release_date: "2024-12-17T14:23:49+00:00", generator: { date: "2024-12-17T14:23:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:7052", initial_release_date: "2024-09-24T12:51:36+00:00", revision_history: [ { date: "2024-09-24T12:51:36+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-24T12:51:36+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T14:23:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel for Quarkus", product: { name: "Red Hat build of Apache Camel for Quarkus", product_id: "Red Hat build of Apache Camel for Quarkus", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:3.8", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-8391", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-09-04T16:20:44.762419+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309758", }, ], notes: [ { category: "description", text: "A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel for Quarkus", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8391", }, { category: "external", summary: "RHBZ#2309758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309758", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8391", url: "https://www.cve.org/CVERecord?id=CVE-2024-8391", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8391", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8391", }, { category: "external", summary: "https://github.com/eclipse-vertx/vertx-grpc/issues/113", url: "https://github.com/eclipse-vertx/vertx-grpc/issues/113", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31", }, ], release_date: "2024-09-04T16:15:09.253000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size", }, { cve: "CVE-2024-32007", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298828", }, ], notes: [ { category: "description", text: "An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", title: "Vulnerability summary", }, { category: "other", text: "The improper input validation vulnerability in the p2c parameter of Apache CXF JOSE is considered a moderate severity issue rather than a important one due to its limited scope and impact. While the flaw allows an attacker to specify a large value for the p2c parameter, leading to potential denial of service (DoS) attacks by causing excessive computational overhead, it does not compromise data integrity, confidentiality, or authentication mechanisms directly. The attack vector primarily affects system availability and exploiting this vulnerability requires the ability to send crafted tokens.\n\nBase EAP (7.4 and 8) and EAP XP (4 and 5) do not ship this affected CXF jaxrs artifact. cxf-rt-rs-security-jose is part of CXF's JAX-RS, and EAP uses RESTEasy, hence it's not-affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel for Quarkus", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "RHBZ#2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32007", url: "https://www.cve.org/CVERecord?id=CVE-2024-32007", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", }, { category: "external", summary: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", url: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", }, { category: "external", summary: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", }, { cve: "CVE-2024-35255", discovery_date: "2024-07-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295081", }, ], notes: [ { category: "description", text: "A flaw was found in Microsoft's Azure Identity Libraries and the Microsoft Authentication Library (MSAL). The flaw arises from a race condition—a scenario where the timing of events leads to unexpected behavior—during concurrent operations on shared resources. This can result in privilege escalation, allowing attackers to gain unauthorized access to sensitive information. The vulnerability affects multiple versions of these libraries across various programming languages, including Java, .NET, Node.js, Python, JavaScript, C++, and Go. Microsoft has addressed this issue by releasing updated versions of the affected libraries. Users are strongly advised to upgrade to these patched versions to mitigate potential security risks.", title: "Vulnerability description", }, { category: "summary", text: "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel for Quarkus", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-35255", }, { category: "external", summary: "RHBZ#2295081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295081", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-35255", url: "https://www.cve.org/CVERecord?id=CVE-2024-35255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", }, { category: "external", summary: "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", url: "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", }, { category: "external", summary: "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", url: "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", }, { category: "external", summary: "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", url: "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", }, ], release_date: "2024-07-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", }, { cve: "CVE-2024-41172", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2024-07-19T09:20:34+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298829", }, ], notes: [ { category: "description", text: "A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel for Quarkus", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-41172", }, { category: "external", summary: "RHBZ#2298829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-41172", url: "https://www.cve.org/CVERecord?id=CVE-2024-41172", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-41172", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-41172", }, { category: "external", summary: "https://github.com/advisories/GHSA-4mgg-fqfq-64hg", url: "https://github.com/advisories/GHSA-4mgg-fqfq-64hg", }, { category: "external", summary: "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6", url: "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6", }, { category: "external", summary: "https://osv.dev/vulnerability/GHSA-4mgg-fqfq-64hg", url: "https://osv.dev/vulnerability/GHSA-4mgg-fqfq-64hg", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel for Quarkus", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, ], }
RHSA-2024:6883
Vulnerability from csaf_redhat
Published
2024-09-19 16:46
Modified
2025-03-05 22:39
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)
* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)
* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
* org.apache.cxf/cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter (CVE-2024-29736)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE (CVE-2024-32007)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)\n\n* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)\n\n* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)\n\n* org.apache.cxf/cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter (CVE-2024-29736)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE (CVE-2024-32007)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6883", url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2292211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2292211", }, { category: "external", summary: "2298827", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298827", }, { category: "external", summary: "2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6883.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.", tracking: { current_release_date: "2025-03-05T22:39:06+00:00", generator: { date: "2025-03-05T22:39:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.0", }, }, id: "RHSA-2024:6883", initial_release_date: "2024-09-19T16:46:46+00:00", revision_history: [ { date: "2024-09-19T16:46:46+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-19T16:46:46+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-05T22:39:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product: { name: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product_id: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product_identification_helper: { cpe: "cpe:/a:redhat:apache_camel_spring_boot:3.20.7", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-04T17:02:58.468000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309764", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Nimbus Jose JWT package. This issue could allow an attacker to use a malicious large JWE p2c header value for PasswordBasedDecrypter and cause a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-52428", }, { category: "external", summary: "RHBZ#2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-52428", url: "https://www.cve.org/CVERecord?id=CVE-2023-52428", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, ], release_date: "2024-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2024-06-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2292211", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.", title: "Vulnerability description", }, { category: "summary", text: "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket", title: "Vulnerability summary", }, { category: "other", text: "The identified vulnerability in Undertow, where chunked responses fail to terminate properly under Java 17 with TLSv1.3, represents a significant security concern due to its potential for uncontrolled resource consumption and denial of service (DoS) attacks. This issue arises from Undertow's mishandling of chunked response termination after initial data flushing, leading to clients waiting indefinitely for completion signals that are not sent. Such behavior could be exploited by malicious actors to exhaust server resources, resulting in service degradation or unavailability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-5971", }, { category: "external", summary: "RHBZ#2292211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2292211", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-5971", url: "https://www.cve.org/CVERecord?id=CVE-2024-5971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-5971", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-5971", }, ], release_date: "2024-07-08T20:46:55+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket", }, { acknowledgments: [ { names: [ "BfC", ], }, ], cve: "CVE-2024-7885", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2024-08-16T09:00:41.686000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2305290", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", title: "Vulnerability summary", }, { category: "other", text: "Red Hat decided to rate this vulnerability as Important because of the potential loss of Availability and no additional privileges being required.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7885", }, { category: "external", summary: "RHBZ#2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7885", url: "https://www.cve.org/CVERecord?id=CVE-2024-7885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", }, ], release_date: "2024-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-07-19T09:20:09+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298827", }, ], notes: [ { category: "description", text: "A Server-side request forgery (SSRF) vulnerability was found in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter", title: "Vulnerability summary", }, { category: "other", text: "This SSRF vulnerability in Apache CXF's WADL service description is of significant severity because it allows an attacker to manipulate server-side requests, potentially leading to unauthorized access to internal resources. By exploiting this flaw, an attacker can craft malicious requests that bypass traditional security controls, enabling the server to communicate with internal systems, which may include databases, cloud services, or other sensitive infrastructure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29736", }, { category: "external", summary: "RHBZ#2298827", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298827", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29736", url: "https://www.cve.org/CVERecord?id=CVE-2024-29736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29736", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29736", }, { category: "external", summary: "https://github.com/advisories/GHSA-5m3j-pxh7-455p", url: "https://github.com/advisories/GHSA-5m3j-pxh7-455p", }, { category: "external", summary: "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2", url: "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2", }, { category: "external", summary: "https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p", url: "https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter", }, { cve: "CVE-2024-32007", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298828", }, ], notes: [ { category: "description", text: "An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", title: "Vulnerability summary", }, { category: "other", text: "The improper input validation vulnerability in the p2c parameter of Apache CXF JOSE is considered a moderate severity issue rather than a important one due to its limited scope and impact. While the flaw allows an attacker to specify a large value for the p2c parameter, leading to potential denial of service (DoS) attacks by causing excessive computational overhead, it does not compromise data integrity, confidentiality, or authentication mechanisms directly. The attack vector primarily affects system availability and exploiting this vulnerability requires the ability to send crafted tokens.\n\nBase EAP (7.4 and 8) and EAP XP (4 and 5) do not ship this affected CXF jaxrs artifact. cxf-rt-rs-security-jose is part of CXF's JAX-RS, and EAP uses RESTEasy, hence it's not-affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "RHBZ#2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32007", url: "https://www.cve.org/CVERecord?id=CVE-2024-32007", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", }, { category: "external", summary: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", url: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", }, { category: "external", summary: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, ], }
rhsa-2024_6883
Vulnerability from csaf_redhat
Published
2024-09-19 16:46
Modified
2024-12-12 21:44
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)
* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)
* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
* org.apache.cxf/cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter (CVE-2024-29736)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE (CVE-2024-32007)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)\n\n* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)\n\n* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)\n\n* org.apache.cxf/cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter (CVE-2024-29736)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE (CVE-2024-32007)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6883", url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2292211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2292211", }, { category: "external", summary: "2298827", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298827", }, { category: "external", summary: "2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6883.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.", tracking: { current_release_date: "2024-12-12T21:44:58+00:00", generator: { date: "2024-12-12T21:44:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:6883", initial_release_date: "2024-09-19T16:46:46+00:00", revision_history: [ { date: "2024-09-19T16:46:46+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-19T16:46:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-12T21:44:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product: { name: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product_id: "Red Hat build of Apache Camel 3.20.7 for Spring Boot", product_identification_helper: { cpe: "cpe:/a:redhat:apache_camel_spring_boot:3.20.7", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-04T17:02:58.468000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309764", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Nimbus Jose JWT package. This issue could allow an attacker to use a malicious large JWE p2c header value for PasswordBasedDecrypter and cause a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-52428", }, { category: "external", summary: "RHBZ#2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-52428", url: "https://www.cve.org/CVERecord?id=CVE-2023-52428", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, ], release_date: "2024-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2024-06-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2292211", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.", title: "Vulnerability description", }, { category: "summary", text: "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket", title: "Vulnerability summary", }, { category: "other", text: "The identified vulnerability in Undertow, where chunked responses fail to terminate properly under Java 17 with TLSv1.3, represents a significant security concern due to its potential for uncontrolled resource consumption and denial of service (DoS) attacks. This issue arises from Undertow's mishandling of chunked response termination after initial data flushing, leading to clients waiting indefinitely for completion signals that are not sent. Such behavior could be exploited by malicious actors to exhaust server resources, resulting in service degradation or unavailability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-5971", }, { category: "external", summary: "RHBZ#2292211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2292211", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-5971", url: "https://www.cve.org/CVERecord?id=CVE-2024-5971", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-5971", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-5971", }, ], release_date: "2024-07-08T20:46:55+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket", }, { acknowledgments: [ { names: [ "BfC", ], }, ], cve: "CVE-2024-7885", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2024-08-16T09:00:41.686000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2305290", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", title: "Vulnerability summary", }, { category: "other", text: "Red Hat decided to rate this vulnerability as Important because of the potential loss of Availability and no additional privileges being required.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7885", }, { category: "external", summary: "RHBZ#2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7885", url: "https://www.cve.org/CVERecord?id=CVE-2024-7885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", }, ], release_date: "2024-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-07-19T09:20:09+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298827", }, ], notes: [ { category: "description", text: "A Server-side request forgery (SSRF) vulnerability was found in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter", title: "Vulnerability summary", }, { category: "other", text: "This SSRF vulnerability in Apache CXF's WADL service description is of significant severity because it allows an attacker to manipulate server-side requests, potentially leading to unauthorized access to internal resources. By exploiting this flaw, an attacker can craft malicious requests that bypass traditional security controls, enabling the server to communicate with internal systems, which may include databases, cloud services, or other sensitive infrastructure.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29736", }, { category: "external", summary: "RHBZ#2298827", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298827", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29736", url: "https://www.cve.org/CVERecord?id=CVE-2024-29736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29736", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29736", }, { category: "external", summary: "https://github.com/advisories/GHSA-5m3j-pxh7-455p", url: "https://github.com/advisories/GHSA-5m3j-pxh7-455p", }, { category: "external", summary: "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2", url: "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2", }, { category: "external", summary: "https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p", url: "https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter", }, { cve: "CVE-2024-32007", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298828", }, ], notes: [ { category: "description", text: "An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", title: "Vulnerability summary", }, { category: "other", text: "The improper input validation vulnerability in the p2c parameter of Apache CXF JOSE is considered a moderate severity issue rather than a important one due to its limited scope and impact. While the flaw allows an attacker to specify a large value for the p2c parameter, leading to potential denial of service (DoS) attacks by causing excessive computational overhead, it does not compromise data integrity, confidentiality, or authentication mechanisms directly. The attack vector primarily affects system availability and exploiting this vulnerability requires the ability to send crafted tokens.\n\nBase EAP (7.4 and 8) and EAP XP (4 and 5) do not ship this affected CXF jaxrs artifact. cxf-rt-rs-security-jose is part of CXF's JAX-RS, and EAP uses RESTEasy, hence it's not-affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "RHBZ#2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32007", url: "https://www.cve.org/CVERecord?id=CVE-2024-32007", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", }, { category: "external", summary: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", url: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", }, { category: "external", summary: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-19T16:46:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6883", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 3.20.7 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, ], }
RHSA-2024:7052
Vulnerability from csaf_redhat
Published
2024-09-24 12:51
Modified
2025-03-27 17:01
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA)
Notes
Topic
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Details
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in
* CVE-2024-8391 io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size
* CVE-2024-8391 io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size
* CVE-2024-32007 org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE
* CVE-2024-41172 org.apache.cxf/cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients
* CVE-2024-35255 com.azure/azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.", title: "Topic", }, { category: "general", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in \n* CVE-2024-8391 io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size\n* CVE-2024-8391 io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size\n* CVE-2024-32007 org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE\n* CVE-2024-41172 org.apache.cxf/cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients\n* CVE-2024-35255 com.azure/azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7052", url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45294", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-8391", url: "https://access.redhat.com/security/cve/CVE-2024-8391", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-32007", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-41172", url: "https://access.redhat.com/security/cve/CVE-2024-41172", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-35255", url: "https://access.redhat.com/security/cve/CVE-2024-35255", }, { category: "external", summary: "2295081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295081", }, { category: "external", summary: "2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "2298829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298829", }, { category: "external", summary: "2309758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309758", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7052.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA)", tracking: { current_release_date: "2025-03-27T17:01:46+00:00", generator: { date: "2025-03-27T17:01:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:7052", initial_release_date: "2024-09-24T12:51:36+00:00", revision_history: [ { date: "2024-09-24T12:51:36+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-24T12:51:36+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-27T17:01:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 4 for Quarkus 3", product: { name: "Red Hat build of Apache Camel 4 for Quarkus 3", product_id: "Red Hat build of Apache Camel 4 for Quarkus 3", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:3.8", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-8391", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-09-04T16:20:44.762419+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309758", }, ], notes: [ { category: "description", text: "A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8391", }, { category: "external", summary: "RHBZ#2309758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309758", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8391", url: "https://www.cve.org/CVERecord?id=CVE-2024-8391", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8391", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8391", }, { category: "external", summary: "https://github.com/eclipse-vertx/vertx-grpc/issues/113", url: "https://github.com/eclipse-vertx/vertx-grpc/issues/113", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31", }, ], release_date: "2024-09-04T16:15:09.253000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size", }, { cve: "CVE-2024-32007", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298828", }, ], notes: [ { category: "description", text: "An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", title: "Vulnerability summary", }, { category: "other", text: "The improper input validation vulnerability in the p2c parameter of Apache CXF JOSE is considered a moderate severity issue rather than a important one due to its limited scope and impact. While the flaw allows an attacker to specify a large value for the p2c parameter, leading to potential denial of service (DoS) attacks by causing excessive computational overhead, it does not compromise data integrity, confidentiality, or authentication mechanisms directly. The attack vector primarily affects system availability and exploiting this vulnerability requires the ability to send crafted tokens.\n\nBase EAP (7.4 and 8) and EAP XP (4 and 5) do not ship this affected CXF jaxrs artifact. cxf-rt-rs-security-jose is part of CXF's JAX-RS, and EAP uses RESTEasy, hence it's not-affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "RHBZ#2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32007", url: "https://www.cve.org/CVERecord?id=CVE-2024-32007", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", }, { category: "external", summary: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", url: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", }, { category: "external", summary: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", }, { cve: "CVE-2024-35255", discovery_date: "2024-07-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295081", }, ], notes: [ { category: "description", text: "A flaw was found in Microsoft's Azure Identity Libraries and the Microsoft Authentication Library (MSAL). The flaw arises from a race condition—a scenario where the timing of events leads to unexpected behavior—during concurrent operations on shared resources. This can result in privilege escalation, allowing attackers to gain unauthorized access to sensitive information. The vulnerability affects multiple versions of these libraries across various programming languages, including Java, .NET, Node.js, Python, JavaScript, C++, and Go. Microsoft has addressed this issue by releasing updated versions of the affected libraries. Users are strongly advised to upgrade to these patched versions to mitigate potential security risks.", title: "Vulnerability description", }, { category: "summary", text: "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-35255", }, { category: "external", summary: "RHBZ#2295081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295081", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-35255", url: "https://www.cve.org/CVERecord?id=CVE-2024-35255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", }, { category: "external", summary: "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", url: "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", }, { category: "external", summary: "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", url: "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", }, { category: "external", summary: "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", url: "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", }, ], release_date: "2024-07-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", }, { cve: "CVE-2024-41172", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2024-07-19T09:20:34+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298829", }, ], notes: [ { category: "description", text: "A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-41172", }, { category: "external", summary: "RHBZ#2298829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-41172", url: "https://www.cve.org/CVERecord?id=CVE-2024-41172", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-41172", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-41172", }, { category: "external", summary: "https://github.com/advisories/GHSA-4mgg-fqfq-64hg", url: "https://github.com/advisories/GHSA-4mgg-fqfq-64hg", }, { category: "external", summary: "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6", url: "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6", }, { category: "external", summary: "https://osv.dev/vulnerability/GHSA-4mgg-fqfq-64hg", url: "https://osv.dev/vulnerability/GHSA-4mgg-fqfq-64hg", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, ], }
rhsa-2024:7052
Vulnerability from csaf_redhat
Published
2024-09-24 12:51
Modified
2025-03-27 17:01
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA)
Notes
Topic
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Details
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in
* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in
* CVE-2024-8391 io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size
* CVE-2024-8391 io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size
* CVE-2024-32007 org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE
* CVE-2024-41172 org.apache.cxf/cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients
* CVE-2024-35255 com.azure/azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.", title: "Topic", }, { category: "general", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in \n* CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in \n* CVE-2024-8391 io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size\n* CVE-2024-8391 io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size\n* CVE-2024-32007 org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE\n* CVE-2024-41172 org.apache.cxf/cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients\n* CVE-2024-35255 com.azure/azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7052", url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-45294", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-8391", url: "https://access.redhat.com/security/cve/CVE-2024-8391", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-32007", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-41172", url: "https://access.redhat.com/security/cve/CVE-2024-41172", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2024-35255", url: "https://access.redhat.com/security/cve/CVE-2024-35255", }, { category: "external", summary: "2295081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295081", }, { category: "external", summary: "2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "2298829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298829", }, { category: "external", summary: "2309758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309758", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7052.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA)", tracking: { current_release_date: "2025-03-27T17:01:46+00:00", generator: { date: "2025-03-27T17:01:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:7052", initial_release_date: "2024-09-24T12:51:36+00:00", revision_history: [ { date: "2024-09-24T12:51:36+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-24T12:51:36+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-27T17:01:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 4 for Quarkus 3", product: { name: "Red Hat build of Apache Camel 4 for Quarkus 3", product_id: "Red Hat build of Apache Camel 4 for Quarkus 3", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:3.8", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-8391", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-09-04T16:20:44.762419+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309758", }, ], notes: [ { category: "description", text: "A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8391", }, { category: "external", summary: "RHBZ#2309758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309758", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8391", url: "https://www.cve.org/CVERecord?id=CVE-2024-8391", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8391", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8391", }, { category: "external", summary: "https://github.com/eclipse-vertx/vertx-grpc/issues/113", url: "https://github.com/eclipse-vertx/vertx-grpc/issues/113", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31", }, ], release_date: "2024-09-04T16:15:09.253000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size", }, { cve: "CVE-2024-32007", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298828", }, ], notes: [ { category: "description", text: "An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", title: "Vulnerability summary", }, { category: "other", text: "The improper input validation vulnerability in the p2c parameter of Apache CXF JOSE is considered a moderate severity issue rather than a important one due to its limited scope and impact. While the flaw allows an attacker to specify a large value for the p2c parameter, leading to potential denial of service (DoS) attacks by causing excessive computational overhead, it does not compromise data integrity, confidentiality, or authentication mechanisms directly. The attack vector primarily affects system availability and exploiting this vulnerability requires the ability to send crafted tokens.\n\nBase EAP (7.4 and 8) and EAP XP (4 and 5) do not ship this affected CXF jaxrs artifact. cxf-rt-rs-security-jose is part of CXF's JAX-RS, and EAP uses RESTEasy, hence it's not-affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-32007", }, { category: "external", summary: "RHBZ#2298828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298828", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-32007", url: "https://www.cve.org/CVERecord?id=CVE-2024-32007", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", }, { category: "external", summary: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", url: "https://github.com/advisories/GHSA-6pff-fmh2-4mmf", }, { category: "external", summary: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE", }, { cve: "CVE-2024-35255", discovery_date: "2024-07-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295081", }, ], notes: [ { category: "description", text: "A flaw was found in Microsoft's Azure Identity Libraries and the Microsoft Authentication Library (MSAL). The flaw arises from a race condition—a scenario where the timing of events leads to unexpected behavior—during concurrent operations on shared resources. This can result in privilege escalation, allowing attackers to gain unauthorized access to sensitive information. The vulnerability affects multiple versions of these libraries across various programming languages, including Java, .NET, Node.js, Python, JavaScript, C++, and Go. Microsoft has addressed this issue by releasing updated versions of the affected libraries. Users are strongly advised to upgrade to these patched versions to mitigate potential security risks.", title: "Vulnerability description", }, { category: "summary", text: "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-35255", }, { category: "external", summary: "RHBZ#2295081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295081", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-35255", url: "https://www.cve.org/CVERecord?id=CVE-2024-35255", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", }, { category: "external", summary: "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", url: "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", }, { category: "external", summary: "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", url: "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", }, { category: "external", summary: "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", url: "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", }, { category: "external", summary: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", }, ], release_date: "2024-07-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", }, { cve: "CVE-2024-41172", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2024-07-19T09:20:34+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2298829", }, ], notes: [ { category: "description", text: "A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory.", title: "Vulnerability description", }, { category: "summary", text: "apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-41172", }, { category: "external", summary: "RHBZ#2298829", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2298829", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-41172", url: "https://www.cve.org/CVERecord?id=CVE-2024-41172", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-41172", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-41172", }, { category: "external", summary: "https://github.com/advisories/GHSA-4mgg-fqfq-64hg", url: "https://github.com/advisories/GHSA-4mgg-fqfq-64hg", }, { category: "external", summary: "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6", url: "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6", }, { category: "external", summary: "https://osv.dev/vulnerability/GHSA-4mgg-fqfq-64hg", url: "https://osv.dev/vulnerability/GHSA-4mgg-fqfq-64hg", }, ], release_date: "2024-07-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-24T12:51:36+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7052", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, ], }
ghsa-6pff-fmh2-4mmf
Vulnerability from github
Published
2024-07-19 09:32
Modified
2024-07-19 18:34
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
Apache CXF Denial of Service vulnerability in JOSE
Details
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
{ affected: [ { package: { ecosystem: "Maven", name: "org.apache.cxf:cxf-rt-rs-security-jose", }, ranges: [ { events: [ { introduced: "4.0.0", }, { fixed: "4.0.5", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.cxf:cxf-rt-rs-security-jose", }, ranges: [ { events: [ { introduced: "3.6.0", }, { fixed: "3.6.4", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.cxf:cxf-rt-rs-security-jose", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "3.5.9", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-32007", ], database_specific: { cwe_ids: [ "CWE-20", ], github_reviewed: true, github_reviewed_at: "2024-07-19T18:34:49Z", nvd_published_at: "2024-07-19T09:15:04Z", severity: "MODERATE", }, details: "An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. \n", id: "GHSA-6pff-fmh2-4mmf", modified: "2024-07-19T18:34:49Z", published: "2024-07-19T09:32:06Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32007", }, { type: "WEB", url: "https://github.com/apache/cxf/commit/20793d3fed2e73e2785a58ec5b47403306ae4a5c", }, { type: "WEB", url: "https://github.com/apache/cxf/commit/2d2baa3455db7439bf1ed4e00edfc5a7106edf7d", }, { type: "WEB", url: "https://github.com/apache/cxf/commit/d1d77c34c199c2c87ebcfe23e3c81dccfe2e2473", }, { type: "PACKAGE", url: "https://github.com/apache/cxf", }, { type: "WEB", url: "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", type: "CVSS_V4", }, ], summary: "Apache CXF Denial of Service vulnerability in JOSE", }
gsd-2024-32007
Vulnerability from gsd
Modified
2024-04-11 05:03
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-32007", ], id: "GSD-2024-32007", modified: "2024-04-11T05:03:18.980958Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2024-32007", STATE: "RESERVED", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", }, ], }, }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.