Vulnerability-Lookup

NCSC-2025-0128

Vulnerability from csaf_ncscnl - Published: 2025-04-16 15:01 - Updated: 2025-04-16 15:01

Summary

Kwetsbaarheden verholpen in Oracle Fusion Middleware

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder de Utilities Application Framework, WebLogic Server, en Fusion Middleware.

Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om toegang te krijgen tot kritieke gegevens, Denial-of-Service (DoS) te veroorzaken, en in sommige gevallen zelfs volledige controle over systemen te verkrijgen. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen of door gebruik te maken van onveilige configuraties in de getroffen producten.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE-125: Out-of-bounds Read

CWE-404: Improper Resource Shutdown or Release

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-400: Uncontrolled Resource Consumption

CWE-502: Deserialization of Untrusted Data

CWE-674: Uncontrolled Recursion

CWE-611: Improper Restriction of XML External Entity Reference

CWE-787: Out-of-bounds Write

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-121: Stack-based Buffer Overflow

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-20: Improper Input Validation

CVE-2020-13936

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2020-25649

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2023-26464

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-7254

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-9143

CWE-787 - Out-of-bounds Write

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-11053

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-11612

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-25710

8.1 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-28168

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-29857

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-38476

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-40896

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-47072

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-47554

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-47561

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-50602

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-52046

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2024-56337

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2025-23184

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2025-24970

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

CVE-2025-27363

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 43 products

Product	Identifier	Version
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Access Manager	`cpe:2.3:a:oracle:access_manager:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite	`cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle HTTP Server	`cpe:2.3:a:oracle:http_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Managed File Transfer		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer	`cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle SOA Suite	`cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.3.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle WebLogic Server	`cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Weblogic Server		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Weblogic Server		vers:unknown/14.1.1.0.0
vers:oracle/8.5.7 Oracle / Oracle Fusion Middleware / Oracle Outside In Technology	`cpe:2.3:a:oracle:outside_in_technology:8.5.7:::::::*`	vers:oracle/8.5.7
vers:unknown/8.5.7 Oracle / Oracle / Outside In Technology		vers:unknown/8.5.7
vers:unknown/12.2.1.4.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Coherence		vers:unknown/12.2.1.4.0
vers:unknown/14.1.1.0.0 Oracle / Oracle / Coherence		vers:unknown/14.1.1.0.0
vers:unknown/14.1.1.0.0 Oracle / Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:unknown/14.1.1.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Coherence	`cpe:2.3:a:oracle:coherence:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Jdeveloper (Application)		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle JDeveloper	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.1.0.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition	`cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:::::::*`	vers:oracle/14.1.1.0.0
vers:oracle/12.2.1.3.0 Oracle / Oracle WebCenter Portal		vers:oracle/12.2.1.3.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle WebCenter Portal	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:unknown/12.2.1.3.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.3.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:::::::*`	vers:unknown/12.2.1.3.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / WebCenter Portal		vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / WebCenter Portal	`cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:::::::*`	vers:unknown/12.2.1.4.0
vers:unknown/12.2.1.4.0 Oracle / Oracle / Data Integrator		vers:unknown/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Data Integrator	`cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0
vers:oracle/14.1.2.0.0 Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring	`cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:::::::*`	vers:oracle/14.1.2.0.0
vers:oracle/12.2.1.4.0 Oracle / Oracle Fusion Middleware / Oracle Service Bus	`cpe:2.3:a:oracle:service_bus:12.2.1.4.0:::::::*`	vers:oracle/12.2.1.4.0

References

22 references

URL	Category
https://www.oracle.com/security-alerts/cpuapr2025.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder de Utilities Application Framework, WebLogic Server, en Fusion Middleware.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om toegang te krijgen tot kritieke gegevens, Denial-of-Service (DoS) te veroorzaken, en in sommige gevallen zelfs volledige controle over systemen te verkrijgen. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen of door gebruik te maken van onveilige configuraties in de getroffen producten.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements Used in a Template Engine",
        "title": "CWE-1336"
      },
      {
        "category": "general",
        "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
        "title": "CWE-367"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Inclusion of Functionality from Untrusted Control Sphere",
        "title": "CWE-829"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
    "tracking": {
      "current_release_date": "2025-04-16T15:01:24.587426Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0128",
      "initial_release_date": "2025-04-16T15:01:24.587426Z",
      "revision_history": [
        {
          "date": "2025-04-16T15:01:24.587426Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-2699078",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Access Manager"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-1839842",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.2.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.2.0.0",
                      "product_id": "CSAFPID-2698989",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Business Process Management Suite"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-1839864",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.2.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.2.0.0",
                      "product_id": "CSAFPID-2698967",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle HTTP Server"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-1839938",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.2.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.2.0.0",
                      "product_id": "CSAFPID-2699074",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Managed File Transfer"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-2698998",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.2.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.2.0.0",
                      "product_id": "CSAFPID-2698997",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle SOA Suite"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-1839896",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.1.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.1.0.0",
                      "product_id": "CSAFPID-1839897",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.2.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.2.0.0",
                      "product_id": "CSAFPID-1840030",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle WebLogic Server"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/8.5.7",
                    "product": {
                      "name": "vers:oracle/8.5.7",
                      "product_id": "CSAFPID-1839872",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Outside In Technology"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-1840014",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.1.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.1.0.0",
                      "product_id": "CSAFPID-1839982",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.2.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.2.0.0",
                      "product_id": "CSAFPID-2699125",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Coherence"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-1839988",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Fusion Middleware MapViewer"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-2698948",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle JDeveloper"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.1.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.1.0.0",
                      "product_id": "CSAFPID-2699057",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle WebCenter Forms Recognition"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-1840006",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle WebCenter Portal"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-2698985",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Data Integrator"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-1840028",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/14.1.2.0.0",
                    "product": {
                      "name": "vers:oracle/14.1.2.0.0",
                      "product_id": "CSAFPID-2699064",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Business Activity Monitoring"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.2.1.4.0",
                    "product": {
                      "name": "vers:oracle/12.2.1.4.0",
                      "product_id": "CSAFPID-2699044",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Service Bus"
              }
            ],
            "category": "product_family",
            "name": "Oracle Fusion Middleware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/12.2.1.4.0",
                    "product": {
                      "name": "vers:unknown/12.2.1.4.0",
                      "product_id": "CSAFPID-1213401"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Managed File Transfer"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/12.2.1.3.0",
                    "product": {
                      "name": "vers:unknown/12.2.1.3.0",
                      "product_id": "CSAFPID-1536644"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/12.2.1.4.0",
                    "product": {
                      "name": "vers:unknown/12.2.1.4.0",
                      "product_id": "CSAFPID-1536288"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/14.1.1.0.0",
                    "product": {
                      "name": "vers:unknown/14.1.1.0.0",
                      "product_id": "CSAFPID-1536278"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Weblogic Server"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/8.5.7",
                    "product": {
                      "name": "vers:unknown/8.5.7",
                      "product_id": "CSAFPID-1233360"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Outside In Technology"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/12.2.1.4.0",
                    "product": {
                      "name": "vers:unknown/12.2.1.4.0",
                      "product_id": "CSAFPID-1210435"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/14.1.1.0.0",
                    "product": {
                      "name": "vers:unknown/14.1.1.0.0",
                      "product_id": "CSAFPID-1210304"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Coherence"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/12.2.1.4.0",
                    "product": {
                      "name": "vers:unknown/12.2.1.4.0",
                      "product_id": "CSAFPID-1247956"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Jdeveloper (Application)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/12.2.1.3.0",
                    "product": {
                      "name": "vers:unknown/12.2.1.3.0",
                      "product_id": "CSAFPID-1214253"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/12.2.1.4.0",
                    "product": {
                      "name": "vers:unknown/12.2.1.4.0",
                      "product_id": "CSAFPID-1232894"
                    }
                  }
                ],
                "category": "product_name",
                "name": "WebCenter Portal"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/12.2.1.4.0",
                    "product": {
                      "name": "vers:unknown/12.2.1.4.0",
                      "product_id": "CSAFPID-1201529"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Data Integrator"
              }
            ],
            "category": "product_family",
            "name": "Oracle"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:oracle/12.2.1.4.0",
                "product": {
                  "name": "vers:oracle/12.2.1.4.0",
                  "product_id": "CSAFPID-1144680",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:oracle/14.1.1.0.0",
                "product": {
                  "name": "vers:oracle/14.1.1.0.0",
                  "product_id": "CSAFPID-1144604",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebLogic Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.2.1.4.0",
                "product": {
                  "name": "vers:unknown/12.2.1.4.0",
                  "product_id": "CSAFPID-39413",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/14.1.1.0.0",
                "product": {
                  "name": "vers:unknown/14.1.1.0.0",
                  "product_id": "CSAFPID-39412",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Coherence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:oracle/12.2.1.3.0",
                "product": {
                  "name": "vers:oracle/12.2.1.3.0",
                  "product_id": "CSAFPID-1144910"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:oracle/12.2.1.4.0",
                "product": {
                  "name": "vers:oracle/12.2.1.4.0",
                  "product_id": "CSAFPID-1144911",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebCenter Portal"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.2.1.3.0",
                "product": {
                  "name": "vers:unknown/12.2.1.3.0",
                  "product_id": "CSAFPID-317201",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/12.2.1.4.0",
                "product": {
                  "name": "vers:unknown/12.2.1.4.0",
                  "product_id": "CSAFPID-307786",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebCenter Portal"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13936",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements Used in a Template Engine",
          "title": "CWE-1336"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-13936",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13936.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2020-13936"
    },
    {
      "cve": "CVE-2020-25649",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-25649",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-25649.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2020-25649"
    },
    {
      "cve": "CVE-2023-26464",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26464",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26464.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2023-26464"
    },
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7254",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-9143",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-9143",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
        }
      ],
      "title": "CVE-2024-9143"
    },
    {
      "cve": "CVE-2024-11053",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-11053",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-11053"
    },
    {
      "cve": "CVE-2024-11612",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-11612",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11612.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-11612"
    },
    {
      "cve": "CVE-2024-25710",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25710",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-25710"
    },
    {
      "cve": "CVE-2024-28168",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28168",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28168.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-28168"
    },
    {
      "cve": "CVE-2024-29857",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29857",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-29857"
    },
    {
      "cve": "CVE-2024-38476",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Inclusion of Functionality from Untrusted Control Sphere",
          "title": "CWE-829"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38476",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-38476"
    },
    {
      "cve": "CVE-2024-40896",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-40896",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40896.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-40896"
    },
    {
      "cve": "CVE-2024-47072",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47072",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-47072"
    },
    {
      "cve": "CVE-2024-47554",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47554",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-47561",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47561",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-47561"
    },
    {
      "cve": "CVE-2024-50602",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50602",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50602.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-50602"
    },
    {
      "cve": "CVE-2024-52046",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-52046",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52046.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-52046"
    },
    {
      "cve": "CVE-2024-56337",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
          "title": "CWE-367"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-56337",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2024-56337"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-23184",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23184.json"
        }
      ],
      "title": "CVE-2025-23184"
    },
    {
      "cve": "CVE-2025-24970",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24970",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-27363",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2699078",
          "CSAFPID-1839842",
          "CSAFPID-2698989",
          "CSAFPID-1839864",
          "CSAFPID-2698967",
          "CSAFPID-1213401",
          "CSAFPID-1839938",
          "CSAFPID-2699074",
          "CSAFPID-2698998",
          "CSAFPID-2698997",
          "CSAFPID-1144680",
          "CSAFPID-1839896",
          "CSAFPID-1144604",
          "CSAFPID-1839897",
          "CSAFPID-1536644",
          "CSAFPID-1840030",
          "CSAFPID-1536288",
          "CSAFPID-1536278",
          "CSAFPID-1839872",
          "CSAFPID-1233360",
          "CSAFPID-39413",
          "CSAFPID-1210435",
          "CSAFPID-1210304",
          "CSAFPID-39412",
          "CSAFPID-1840014",
          "CSAFPID-1839982",
          "CSAFPID-2699125",
          "CSAFPID-1839988",
          "CSAFPID-1247956",
          "CSAFPID-2698948",
          "CSAFPID-2699057",
          "CSAFPID-1144910",
          "CSAFPID-1840006",
          "CSAFPID-1144911",
          "CSAFPID-1214253",
          "CSAFPID-317201",
          "CSAFPID-1232894",
          "CSAFPID-307786",
          "CSAFPID-1201529",
          "CSAFPID-2698985",
          "CSAFPID-1840028",
          "CSAFPID-2699064",
          "CSAFPID-2699044"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27363",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27363.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2699078",
            "CSAFPID-1839842",
            "CSAFPID-2698989",
            "CSAFPID-1839864",
            "CSAFPID-2698967",
            "CSAFPID-1213401",
            "CSAFPID-1839938",
            "CSAFPID-2699074",
            "CSAFPID-2698998",
            "CSAFPID-2698997",
            "CSAFPID-1144680",
            "CSAFPID-1839896",
            "CSAFPID-1144604",
            "CSAFPID-1839897",
            "CSAFPID-1536644",
            "CSAFPID-1840030",
            "CSAFPID-1536288",
            "CSAFPID-1536278",
            "CSAFPID-1839872",
            "CSAFPID-1233360",
            "CSAFPID-39413",
            "CSAFPID-1210435",
            "CSAFPID-1210304",
            "CSAFPID-39412",
            "CSAFPID-1840014",
            "CSAFPID-1839982",
            "CSAFPID-2699125",
            "CSAFPID-1839988",
            "CSAFPID-1247956",
            "CSAFPID-2698948",
            "CSAFPID-2699057",
            "CSAFPID-1144910",
            "CSAFPID-1840006",
            "CSAFPID-1144911",
            "CSAFPID-1214253",
            "CSAFPID-317201",
            "CSAFPID-1232894",
            "CSAFPID-307786",
            "CSAFPID-1201529",
            "CSAFPID-2698985",
            "CSAFPID-1840028",
            "CSAFPID-2699064",
            "CSAFPID-2699044"
          ]
        }
      ],
      "title": "CVE-2025-27363"
    }
  ]
}

CVE-2020-13936 (GCVE-0-2020-13936)

Vulnerability from cvelistv5 – Published: 2021-03-10 08:00 – Updated: 2025-02-13 16:27

Title

Velocity Sandbox Bypass

Summary

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Severity

No CVSS data available.

CWE

Velocity Sandbox Bypass

Assigner

apache

References

24 references

URL	Tags
https://lists.apache.org/thread.html/r01043f584cb…	x_refsource_MISC
https://lists.apache.org/thread.html/r01043f584cb…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb042f3b0090…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/10/1	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3ea4c4c9085…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd2a89e17e8a…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re641197d204…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbee7270556f…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/reab5978b54a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd7e865c87f9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re8e7482fe54…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0bc98e9cd08…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r39de20c7e9c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r17cb932fab1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4cd59453b65…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7f209b83721…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r293284c6806…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf7d369de88d…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202107-52	vendor-advisoryx_refsource_GENTOO
https://lists.apache.org/thread.html/r9dc25056517…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r52a5129df40…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Velocity Engine	Affected: Apache Velocity Engine , ≤ 2.2 (custom)

Credits

This issue was discovered by Alvaro Munoz pwntester@github.com of Github Security Labs and was originally reported as GHSL-2020-048.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
          },
          {
            "name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
          },
          {
            "name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
          },
          {
            "name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
          },
          {
            "name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3E"
          },
          {
            "name": "GLSA-202107-52",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-52"
          },
          {
            "name": "[activemq-users] 20210830 Security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-users] 20210831 RE: Security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Velocity Engine",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.2",
              "status": "affected",
              "version": "Apache Velocity Engine",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Alvaro Munoz pwntester@github.com of Github Security Labs and was originally reported as GHSL-2020-048."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Velocity Sandbox Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-04T12:34:05.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
        },
        {
          "name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
        },
        {
          "name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
        },
        {
          "name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
        },
        {
          "name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3E"
        },
        {
          "name": "GLSA-202107-52",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-52"
        },
        {
          "name": "[activemq-users] 20210830 Security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-users] 20210831 RE: Security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Velocity Sandbox Bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "Applications using Apache Velocity that allow untrusted users to upload templates should upgrade to version 2.3.  This version adds additional default restrictions on what methods/properties can be accessed in a template."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-13936",
          "STATE": "PUBLIC",
          "TITLE": "Velocity Sandbox Bypass"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Velocity Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Apache Velocity Engine",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered by Alvaro Munoz pwntester@github.com of Github Security Labs and was originally reported as GHSL-2020-048."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Velocity Sandbox Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
            },
            {
              "name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a@%3Cuser.velocity.apache.org%3E"
            },
            {
              "name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6@%3Ccommits.velocity.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
            },
            {
              "name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
            },
            {
              "name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4@%3Cdev.santuario.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7@%3Ccommits.turbine.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436@%3Cdev.ws.apache.org%3E"
            },
            {
              "name": "GLSA-202107-52",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-52"
            },
            {
              "name": "[activemq-users] 20210830 Security issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3Cusers.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-users] 20210831 RE: Security issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Applications using Apache Velocity that allow untrusted users to upload templates should upgrade to version 2.3.  This version adds additional default restrictions on what methods/properties can be accessed in a template."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-13936",
    "datePublished": "2021-03-10T08:00:19.000Z",
    "dateReserved": "2020-06-08T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:29.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25649 (GCVE-0-2020-25649)

Vulnerability from cvelistv5 – Published: 2020-12-03 16:16 – Updated: 2024-08-04 15:40

Summary

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Severity

No CVSS data available.

CWE

CWE-611

Assigner

redhat

References

71 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1887664	x_refsource_MISC
https://github.com/FasterXML/jackson-databind/iss…	x_refsource_MISC
https://lists.apache.org/thread.html/ra1157e57a01…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2b6ddb3a4f4…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2882fc1f303…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re96dc7a13e1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r1b7ed0c4b6c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd317f15a675…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc15e90bbef1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r63c87aab971…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc959cdb57c4…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/raf13235de6d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6b11eca1d64…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6b11eca1d64…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5f8a1608d75…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r78d53a0a269…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r98bfe3b90ea…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r90d1e97b0a7…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r900d4408c41…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8937a716071…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8937a716071…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd6f6bf848c2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6e3d4f79915…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0b8dc3acd45…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r68d029ee74a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc88f2fa2b7b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r94c7e86e546…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdf9a3472648…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r04529cedaca…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r86c78bf7656…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb674520b9f6…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra95faf968f3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r45e7350dfc9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r95a297eb5fd…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.apache.org/thread.html/re16f81d3ad4…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3e6ae311842…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r91722ecfba6…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf1809a13740…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0881e23bd90…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2eb66c18285…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5b130fe6685…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd57c7582adc…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r407538adec3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2f5c5479f99…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r011d1430e8f…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r765283e1450…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r605764e05e2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7cb5b4b3e4b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r73bef1bb601…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6cbd599b80e…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra409f798a1e…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdca8711bb7a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8ae961c8093…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc82ff478532…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6a4f3ef6edf…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/r31f4ee7d561…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021010…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/r8764bb835bc…	mailing-listx_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/r61db8e7dcb5…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r61db8e7dcb5…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbf4ce74b0d1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbf4ce74b0d1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6a6df564758…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r024b7bda9c4…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	jackson-databind	Affected: jackson-databind-2.11.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2589"
          },
          {
            "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "FEDORA-2021-1d8254899c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
          },
          {
            "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
          },
          {
            "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
          },
          {
            "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
          },
          {
            "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
          },
          {
            "name": "[spark-user] 20210621 Re: CVEs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-databind",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "jackson-databind-2.11.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:15:31.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2589"
        },
        {
          "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "FEDORA-2021-1d8254899c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
        },
        {
          "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
        },
        {
          "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
        },
        {
          "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
        },
        {
          "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
        },
        {
          "name": "[spark-user] 20210621 Re: CVEs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25649",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jackson-databind",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "jackson-databind-2.11.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2589",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2589"
            },
            {
              "name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "FEDORA-2021-1d8254899c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
            },
            {
              "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"
            },
            {
              "name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"
            },
            {
              "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"
            },
            {
              "name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"
            },
            {
              "name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"
            },
            {
              "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210108-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
            },
            {
              "name": "[spark-user] 20210621 Re: CVEs",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25649",
    "datePublished": "2020-12-03T16:16:50.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:40:36.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-26464 (GCVE-0-2023-26464)

Vulnerability from cvelistv5 – Published: 2023-03-10 13:38 – Updated: 2025-02-13 16:44

Title

Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender

Summary

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Severity

No CVSS data available.

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

apache

References

2 references

URL	Tags
https://lists.apache.org/thread/wkx6grrcjkh86crr4…	vendor-advisory
https://security.netapp.com/advisory/ntap-2023050…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Log4j	Affected: 1.0.4 , < 2 (maven) Unaffected: 2 , ≤ * (maven)

Credits

Garrett Tucker of Red Hat

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:53:52.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "log4j",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "2.0",
                "status": "affected",
                "version": "1.0.4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-26464",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T16:39:52.195542Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T16:40:55.981Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Apache Log4j",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2",
              "status": "affected",
              "version": "1.0.4",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "2",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Garrett Tucker of Red Hat"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e** UNSUPPORTED WHEN ASSIGNED **\u003c/div\u003e\u003cdiv\u003eWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\u003c/div\u003e\u003cdiv\u003eNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-05T19:06:22.847Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230505-0008/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-26464",
    "datePublished": "2023-03-10T13:38:16.190Z",
    "dateReserved": "2023-02-23T16:15:06.902Z",
    "dateUpdated": "2025-02-13T16:44:55.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11053 (GCVE-0-2024-11053)

Vulnerability from cvelistv5 – Published: 2024-12-11 07:34 – Updated: 2025-11-03 20:36

Title

netrc and redirect credential leak

Summary

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

Severity

3.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Assigner

curl

References

3 references

URL	Tags
https://curl.se/docs/CVE-2024-11053.json
https://curl.se/docs/CVE-2024-11053.html
https://hackerone.com/reports/2829063

Impacted products

1 product

Vendor	Product	Version
curl	curl	Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver) Affected: 7.70.0 , ≤ 7.70.0 (semver) Affected: 7.69.1 , ≤ 7.69.1 (semver) Affected: 7.69.0 , ≤ 7.69.0 (semver) Affected: 7.68.0 , ≤ 7.68.0 (semver) Affected: 7.67.0 , ≤ 7.67.0 (semver) Affected: 7.66.0 , ≤ 7.66.0 (semver) Affected: 7.65.3 , ≤ 7.65.3 (semver) Affected: 7.65.2 , ≤ 7.65.2 (semver) Affected: 7.65.1 , ≤ 7.65.1 (semver) Affected: 7.65.0 , ≤ 7.65.0 (semver) Affected: 7.64.1 , ≤ 7.64.1 (semver) Affected: 7.64.0 , ≤ 7.64.0 (semver) Affected: 7.63.0 , ≤ 7.63.0 (semver) Affected: 7.62.0 , ≤ 7.62.0 (semver) Affected: 7.61.1 , ≤ 7.61.1 (semver) Affected: 7.61.0 , ≤ 7.61.0 (semver) Affected: 7.60.0 , ≤ 7.60.0 (semver) Affected: 7.59.0 , ≤ 7.59.0 (semver) Affected: 7.58.0 , ≤ 7.58.0 (semver) Affected: 7.57.0 , ≤ 7.57.0 (semver) Affected: 7.56.1 , ≤ 7.56.1 (semver) Affected: 7.56.0 , ≤ 7.56.0 (semver) Affected: 7.55.1 , ≤ 7.55.1 (semver) Affected: 7.55.0 , ≤ 7.55.0 (semver) Affected: 7.54.1 , ≤ 7.54.1 (semver) Affected: 7.54.0 , ≤ 7.54.0 (semver) Affected: 7.53.1 , ≤ 7.53.1 (semver) Affected: 7.53.0 , ≤ 7.53.0 (semver) Affected: 7.52.1 , ≤ 7.52.1 (semver) Affected: 7.52.0 , ≤ 7.52.0 (semver) Affected: 7.51.0 , ≤ 7.51.0 (semver) Affected: 7.50.3 , ≤ 7.50.3 (semver) Affected: 7.50.2 , ≤ 7.50.2 (semver) Affected: 7.50.1 , ≤ 7.50.1 (semver) Affected: 7.50.0 , ≤ 7.50.0 (semver) Affected: 7.49.1 , ≤ 7.49.1 (semver) Affected: 7.49.0 , ≤ 7.49.0 (semver) Affected: 7.48.0 , ≤ 7.48.0 (semver) Affected: 7.47.1 , ≤ 7.47.1 (semver) Affected: 7.47.0 , ≤ 7.47.0 (semver) Affected: 7.46.0 , ≤ 7.46.0 (semver) Affected: 7.45.0 , ≤ 7.45.0 (semver) Affected: 7.44.0 , ≤ 7.44.0 (semver) Affected: 7.43.0 , ≤ 7.43.0 (semver) Affected: 7.42.1 , ≤ 7.42.1 (semver) Affected: 7.42.0 , ≤ 7.42.0 (semver) Affected: 7.41.0 , ≤ 7.41.0 (semver) Affected: 7.40.0 , ≤ 7.40.0 (semver) Affected: 7.39.0 , ≤ 7.39.0 (semver) Affected: 7.38.0 , ≤ 7.38.0 (semver) Affected: 7.37.1 , ≤ 7.37.1 (semver) Affected: 7.37.0 , ≤ 7.37.0 (semver) Affected: 7.36.0 , ≤ 7.36.0 (semver) Affected: 7.35.0 , ≤ 7.35.0 (semver) Affected: 7.34.0 , ≤ 7.34.0 (semver) Affected: 7.33.0 , ≤ 7.33.0 (semver) Affected: 7.32.0 , ≤ 7.32.0 (semver) Affected: 7.31.0 , ≤ 7.31.0 (semver) Affected: 7.30.0 , ≤ 7.30.0 (semver) Affected: 7.29.0 , ≤ 7.29.0 (semver) Affected: 7.28.1 , ≤ 7.28.1 (semver) Affected: 7.28.0 , ≤ 7.28.0 (semver) Affected: 7.27.0 , ≤ 7.27.0 (semver) Affected: 7.26.0 , ≤ 7.26.0 (semver) Affected: 7.25.0 , ≤ 7.25.0 (semver) Affected: 7.24.0 , ≤ 7.24.0 (semver) Affected: 7.23.1 , ≤ 7.23.1 (semver) Affected: 7.23.0 , ≤ 7.23.0 (semver) Affected: 7.22.0 , ≤ 7.22.0 (semver) Affected: 7.21.7 , ≤ 7.21.7 (semver) Affected: 7.21.6 , ≤ 7.21.6 (semver) Affected: 7.21.5 , ≤ 7.21.5 (semver) Affected: 7.21.4 , ≤ 7.21.4 (semver) Affected: 7.21.3 , ≤ 7.21.3 (semver) Affected: 7.21.2 , ≤ 7.21.2 (semver) Affected: 7.21.1 , ≤ 7.21.1 (semver) Affected: 7.21.0 , ≤ 7.21.0 (semver) Affected: 7.20.1 , ≤ 7.20.1 (semver) Affected: 7.20.0 , ≤ 7.20.0 (semver) Affected: 7.19.7 , ≤ 7.19.7 (semver) Affected: 7.19.6 , ≤ 7.19.6 (semver) Affected: 7.19.5 , ≤ 7.19.5 (semver) Affected: 7.19.4 , ≤ 7.19.4 (semver) Affected: 7.19.3 , ≤ 7.19.3 (semver) Affected: 7.19.2 , ≤ 7.19.2 (semver) Affected: 7.19.1 , ≤ 7.19.1 (semver) Affected: 7.19.0 , ≤ 7.19.0 (semver) Affected: 7.18.2 , ≤ 7.18.2 (semver) Affected: 7.18.1 , ≤ 7.18.1 (semver) Affected: 7.18.0 , ≤ 7.18.0 (semver) Affected: 7.17.1 , ≤ 7.17.1 (semver) Affected: 7.17.0 , ≤ 7.17.0 (semver) Affected: 7.16.4 , ≤ 7.16.4 (semver) Affected: 7.16.3 , ≤ 7.16.3 (semver) Affected: 7.16.2 , ≤ 7.16.2 (semver) Affected: 7.16.1 , ≤ 7.16.1 (semver) Affected: 7.16.0 , ≤ 7.16.0 (semver) Affected: 7.15.5 , ≤ 7.15.5 (semver) Affected: 7.15.4 , ≤ 7.15.4 (semver) Affected: 7.15.3 , ≤ 7.15.3 (semver) Affected: 7.15.2 , ≤ 7.15.2 (semver) Affected: 7.15.1 , ≤ 7.15.1 (semver) Affected: 7.15.0 , ≤ 7.15.0 (semver) Affected: 7.14.1 , ≤ 7.14.1 (semver) Affected: 7.14.0 , ≤ 7.14.0 (semver) Affected: 7.13.2 , ≤ 7.13.2 (semver) Affected: 7.13.1 , ≤ 7.13.1 (semver) Affected: 7.13.0 , ≤ 7.13.0 (semver) Affected: 7.12.3 , ≤ 7.12.3 (semver) Affected: 7.12.2 , ≤ 7.12.2 (semver) Affected: 7.12.1 , ≤ 7.12.1 (semver) Affected: 7.12.0 , ≤ 7.12.0 (semver) Affected: 7.11.2 , ≤ 7.11.2 (semver) Affected: 7.11.1 , ≤ 7.11.1 (semver) Affected: 7.11.0 , ≤ 7.11.0 (semver) Affected: 7.10.8 , ≤ 7.10.8 (semver) Affected: 7.10.7 , ≤ 7.10.7 (semver) Affected: 7.10.6 , ≤ 7.10.6 (semver) Affected: 7.10.5 , ≤ 7.10.5 (semver) Affected: 7.10.4 , ≤ 7.10.4 (semver) Affected: 7.10.3 , ≤ 7.10.3 (semver) Affected: 7.10.2 , ≤ 7.10.2 (semver) Affected: 7.10.1 , ≤ 7.10.1 (semver) Affected: 7.10 , ≤ 7.10 (semver) Affected: 7.9.8 , ≤ 7.9.8 (semver) Affected: 7.9.7 , ≤ 7.9.7 (semver) Affected: 7.9.6 , ≤ 7.9.6 (semver) Affected: 7.9.5 , ≤ 7.9.5 (semver) Affected: 7.9.4 , ≤ 7.9.4 (semver) Affected: 7.9.3 , ≤ 7.9.3 (semver) Affected: 7.9.2 , ≤ 7.9.2 (semver) Affected: 7.9.1 , ≤ 7.9.1 (semver) Affected: 7.9 , ≤ 7.9 (semver) Affected: 7.8.1 , ≤ 7.8.1 (semver) Affected: 7.8 , ≤ 7.8 (semver) Affected: 7.7.3 , ≤ 7.7.3 (semver) Affected: 7.7.2 , ≤ 7.7.2 (semver) Affected: 7.7.1 , ≤ 7.7.1 (semver) Affected: 7.7 , ≤ 7.7 (semver) Affected: 7.6.1 , ≤ 7.6.1 (semver) Affected: 7.6 , ≤ 7.6 (semver) Affected: 7.5.2 , ≤ 7.5.2 (semver) Affected: 7.5.1 , ≤ 7.5.1 (semver) Affected: 7.5 , ≤ 7.5 (semver) Affected: 7.4.2 , ≤ 7.4.2 (semver) Affected: 7.4.1 , ≤ 7.4.1 (semver) Affected: 7.4 , ≤ 7.4 (semver) Affected: 7.3 , ≤ 7.3 (semver) Affected: 7.2.1 , ≤ 7.2.1 (semver) Affected: 7.2 , ≤ 7.2 (semver) Affected: 7.1.1 , ≤ 7.1.1 (semver) Affected: 7.1 , ≤ 7.1 (semver) Affected: 6.5.2 , ≤ 6.5.2 (semver) Affected: 6.5.1 , ≤ 6.5.1 (semver) Affected: 6.5 , ≤ 6.5 (semver)

Credits

Harry Sintonen Daniel Stenberg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:36:27.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250124-0012/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250131-0003/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250131-0004/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.4,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-11053",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-15T16:47:42.738403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-15T16:50:59.398Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.11.0",
              "status": "affected",
              "version": "8.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.1",
              "status": "affected",
              "version": "8.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.1",
              "status": "affected",
              "version": "8.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.0",
              "status": "affected",
              "version": "8.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.8.0",
              "status": "affected",
              "version": "8.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.1",
              "status": "affected",
              "version": "8.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.0",
              "status": "affected",
              "version": "8.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.1",
              "status": "affected",
              "version": "8.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.1",
              "status": "affected",
              "version": "8.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.1",
              "status": "affected",
              "version": "7.88.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.0",
              "status": "affected",
              "version": "7.88.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.87.0",
              "status": "affected",
              "version": "7.87.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.86.0",
              "status": "affected",
              "version": "7.86.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.85.0",
              "status": "affected",
              "version": "7.85.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.84.0",
              "status": "affected",
              "version": "7.84.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.1",
              "status": "affected",
              "version": "7.83.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.0",
              "status": "affected",
              "version": "7.83.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.82.0",
              "status": "affected",
              "version": "7.82.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.81.0",
              "status": "affected",
              "version": "7.81.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.80.0",
              "status": "affected",
              "version": "7.80.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.1",
              "status": "affected",
              "version": "7.79.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.0",
              "status": "affected",
              "version": "7.79.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.78.0",
              "status": "affected",
              "version": "7.78.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.77.0",
              "status": "affected",
              "version": "7.77.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.1",
              "status": "affected",
              "version": "7.76.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.0",
              "status": "affected",
              "version": "7.76.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.75.0",
              "status": "affected",
              "version": "7.75.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.74.0",
              "status": "affected",
              "version": "7.74.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.73.0",
              "status": "affected",
              "version": "7.73.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.72.0",
              "status": "affected",
              "version": "7.72.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.1",
              "status": "affected",
              "version": "7.71.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.0",
              "status": "affected",
              "version": "7.71.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.70.0",
              "status": "affected",
              "version": "7.70.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.1",
              "status": "affected",
              "version": "7.69.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.0",
              "status": "affected",
              "version": "7.69.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.68.0",
              "status": "affected",
              "version": "7.68.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.67.0",
              "status": "affected",
              "version": "7.67.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.66.0",
              "status": "affected",
              "version": "7.66.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.3",
              "status": "affected",
              "version": "7.65.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.2",
              "status": "affected",
              "version": "7.65.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.1",
              "status": "affected",
              "version": "7.65.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.0",
              "status": "affected",
              "version": "7.65.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.1",
              "status": "affected",
              "version": "7.64.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.0",
              "status": "affected",
              "version": "7.64.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.63.0",
              "status": "affected",
              "version": "7.63.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.62.0",
              "status": "affected",
              "version": "7.62.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.1",
              "status": "affected",
              "version": "7.61.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.0",
              "status": "affected",
              "version": "7.61.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.60.0",
              "status": "affected",
              "version": "7.60.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.59.0",
              "status": "affected",
              "version": "7.59.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.58.0",
              "status": "affected",
              "version": "7.58.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.57.0",
              "status": "affected",
              "version": "7.57.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.1",
              "status": "affected",
              "version": "7.56.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.0",
              "status": "affected",
              "version": "7.56.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.1",
              "status": "affected",
              "version": "7.55.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.0",
              "status": "affected",
              "version": "7.55.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.1",
              "status": "affected",
              "version": "7.54.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.0",
              "status": "affected",
              "version": "7.54.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.1",
              "status": "affected",
              "version": "7.53.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.0",
              "status": "affected",
              "version": "7.53.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.1",
              "status": "affected",
              "version": "7.52.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.0",
              "status": "affected",
              "version": "7.52.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.51.0",
              "status": "affected",
              "version": "7.51.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.3",
              "status": "affected",
              "version": "7.50.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.2",
              "status": "affected",
              "version": "7.50.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.1",
              "status": "affected",
              "version": "7.50.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.0",
              "status": "affected",
              "version": "7.50.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.1",
              "status": "affected",
              "version": "7.49.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.0",
              "status": "affected",
              "version": "7.49.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.48.0",
              "status": "affected",
              "version": "7.48.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.1",
              "status": "affected",
              "version": "7.47.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.0",
              "status": "affected",
              "version": "7.47.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.46.0",
              "status": "affected",
              "version": "7.46.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.45.0",
              "status": "affected",
              "version": "7.45.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.44.0",
              "status": "affected",
              "version": "7.44.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.43.0",
              "status": "affected",
              "version": "7.43.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.1",
              "status": "affected",
              "version": "7.42.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.0",
              "status": "affected",
              "version": "7.42.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.41.0",
              "status": "affected",
              "version": "7.41.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.40.0",
              "status": "affected",
              "version": "7.40.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.39.0",
              "status": "affected",
              "version": "7.39.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.38.0",
              "status": "affected",
              "version": "7.38.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.1",
              "status": "affected",
              "version": "7.37.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.0",
              "status": "affected",
              "version": "7.37.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.36.0",
              "status": "affected",
              "version": "7.36.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.35.0",
              "status": "affected",
              "version": "7.35.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.34.0",
              "status": "affected",
              "version": "7.34.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.33.0",
              "status": "affected",
              "version": "7.33.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.32.0",
              "status": "affected",
              "version": "7.32.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.31.0",
              "status": "affected",
              "version": "7.31.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.30.0",
              "status": "affected",
              "version": "7.30.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.29.0",
              "status": "affected",
              "version": "7.29.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.1",
              "status": "affected",
              "version": "7.28.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.0",
              "status": "affected",
              "version": "7.28.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.27.0",
              "status": "affected",
              "version": "7.27.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.26.0",
              "status": "affected",
              "version": "7.26.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.25.0",
              "status": "affected",
              "version": "7.25.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.24.0",
              "status": "affected",
              "version": "7.24.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.1",
              "status": "affected",
              "version": "7.23.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.0",
              "status": "affected",
              "version": "7.23.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.22.0",
              "status": "affected",
              "version": "7.22.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.7",
              "status": "affected",
              "version": "7.21.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.6",
              "status": "affected",
              "version": "7.21.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.5",
              "status": "affected",
              "version": "7.21.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.4",
              "status": "affected",
              "version": "7.21.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.3",
              "status": "affected",
              "version": "7.21.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.2",
              "status": "affected",
              "version": "7.21.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.1",
              "status": "affected",
              "version": "7.21.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.0",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.1",
              "status": "affected",
              "version": "7.20.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.0",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.7",
              "status": "affected",
              "version": "7.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.6",
              "status": "affected",
              "version": "7.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.5",
              "status": "affected",
              "version": "7.19.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.4",
              "status": "affected",
              "version": "7.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.3",
              "status": "affected",
              "version": "7.19.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.2",
              "status": "affected",
              "version": "7.19.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.1",
              "status": "affected",
              "version": "7.19.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.0",
              "status": "affected",
              "version": "7.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.2",
              "status": "affected",
              "version": "7.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.1",
              "status": "affected",
              "version": "7.18.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.0",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.17.1",
              "status": "affected",
              "version": "7.17.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.17.0",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.4",
              "status": "affected",
              "version": "7.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.3",
              "status": "affected",
              "version": "7.16.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.2",
              "status": "affected",
              "version": "7.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.1",
              "status": "affected",
              "version": "7.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.0",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.5",
              "status": "affected",
              "version": "7.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.4",
              "status": "affected",
              "version": "7.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.3",
              "status": "affected",
              "version": "7.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.2",
              "status": "affected",
              "version": "7.15.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.1",
              "status": "affected",
              "version": "7.15.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.0",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.14.1",
              "status": "affected",
              "version": "7.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.14.0",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.13.2",
              "status": "affected",
              "version": "7.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.13.1",
              "status": "affected",
              "version": "7.13.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.13.0",
              "status": "affected",
              "version": "7.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.12.3",
              "status": "affected",
              "version": "7.12.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.12.2",
              "status": "affected",
              "version": "7.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.12.1",
              "status": "affected",
              "version": "7.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.12.0",
              "status": "affected",
              "version": "7.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.11.2",
              "status": "affected",
              "version": "7.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.11.1",
              "status": "affected",
              "version": "7.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.11.0",
              "status": "affected",
              "version": "7.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.8",
              "status": "affected",
              "version": "7.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.7",
              "status": "affected",
              "version": "7.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.6",
              "status": "affected",
              "version": "7.10.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.5",
              "status": "affected",
              "version": "7.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.4",
              "status": "affected",
              "version": "7.10.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.3",
              "status": "affected",
              "version": "7.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.2",
              "status": "affected",
              "version": "7.10.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.1",
              "status": "affected",
              "version": "7.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10",
              "status": "affected",
              "version": "7.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.8",
              "status": "affected",
              "version": "7.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.7",
              "status": "affected",
              "version": "7.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.6",
              "status": "affected",
              "version": "7.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.5",
              "status": "affected",
              "version": "7.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.4",
              "status": "affected",
              "version": "7.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.3",
              "status": "affected",
              "version": "7.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.2",
              "status": "affected",
              "version": "7.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9.1",
              "status": "affected",
              "version": "7.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.9",
              "status": "affected",
              "version": "7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.8.1",
              "status": "affected",
              "version": "7.8.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.8",
              "status": "affected",
              "version": "7.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.7.3",
              "status": "affected",
              "version": "7.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.7.2",
              "status": "affected",
              "version": "7.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.7.1",
              "status": "affected",
              "version": "7.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.7",
              "status": "affected",
              "version": "7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.6.1",
              "status": "affected",
              "version": "7.6.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.6",
              "status": "affected",
              "version": "7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.2",
              "status": "affected",
              "version": "7.5.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.1",
              "status": "affected",
              "version": "7.5.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5",
              "status": "affected",
              "version": "7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4",
              "status": "affected",
              "version": "7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.2",
              "status": "affected",
              "version": "6.5.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "6.5.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5",
              "status": "affected",
              "version": "6.5",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Harry Sintonen"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-11T07:34:29.539Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2024-11053.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2024-11053.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/2829063"
        }
      ],
      "title": "netrc and redirect credential leak"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2024-11053",
    "datePublished": "2024-12-11T07:34:29.539Z",
    "dateReserved": "2024-11-09T18:41:55.703Z",
    "dateUpdated": "2025-11-03T20:36:27.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11612 (GCVE-0-2024-11612)

Vulnerability from cvelistv5 – Published: 2024-11-22 20:22 – Updated: 2024-11-26 15:13

Title

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability

Summary

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.

Severity

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

zdi

References

1 reference

URL	Tags
https://www.zerodayinitiative.com/advisories/ZDI-…	x_research-advisory

Impacted products

1 product

Vendor	Product	Version
7-Zip	7-Zip	Affected: 24.06

Date Public

2024-11-21 21:23

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11612",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T15:12:13.757081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T15:13:29.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "7-Zip",
          "vendor": "7-Zip",
          "versions": [
            {
              "status": "affected",
              "version": "24.06"
            }
          ]
        }
      ],
      "dateAssigned": "2024-11-21T20:34:17.572Z",
      "datePublic": "2024-11-21T21:23:18.351Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T20:22:10.629Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1606",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1606/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "2ourc3"
      },
      "title": "7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-11612",
    "datePublished": "2024-11-22T20:22:10.629Z",
    "dateReserved": "2024-11-21T20:34:17.530Z",
    "dateUpdated": "2024-11-26T15:13:29.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25710 (GCVE-0-2024-25710)

Vulnerability from cvelistv5 – Published: 2024-02-19 08:33 – Updated: 2025-11-04 16:11

Title

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

Summary

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

apache

References

3 references

URL	Tags
https://lists.apache.org/thread/cz8qkcwphy4cx8glt…	vendor-advisory
http://www.openwall.com/lists/oss-security/2024/02/19/1
https://security.netapp.com/advisory/ntap-2024030…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Commons Compress	Affected: 1.3 , ≤ 1.25.0 (semver)

Credits

Yakov Shafranovich, Amazon Web Services

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25710",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-20T16:19:19.175447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:44.416Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:24.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240307-0010/"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Aug/37"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-compress",
          "product": "Apache Commons Compress",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.25.0",
              "status": "affected",
              "version": "1.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yakov Shafranovich, Amazon Web Services"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache Commons Compress.\u003cp\u003eThis issue affects Apache Commons Compress: from 1.3 through 1.25.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.26.0 which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.\n\nUsers are recommended to upgrade to version 1.26.0 which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-07T17:06:33.636Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240307-0010/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-25710",
    "datePublished": "2024-02-19T08:33:40.627Z",
    "dateReserved": "2024-02-10T23:44:45.963Z",
    "dateUpdated": "2025-11-04T16:11:24.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-28168 (GCVE-0-2024-28168)

Vulnerability from cvelistv5 – Published: 2024-10-09 12:04 – Updated: 2024-10-09 15:02

Title

Apache XML Graphics FOP: XML External Entity (XXE) Processing

Summary

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Assigner

apache

References

1 reference

URL	Tags
https://xmlgraphics.apache.org/security.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache XML Graphics FOP	Affected: 2.9 (semver)

Credits

c1gar of Shanxi Normal University

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:xml_graphics_fop:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xml_graphics_fop",
            "vendor": "apache",
            "versions": [
              {
                "status": "affected",
                "version": "2.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-28168",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T13:28:19.322729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T13:31:21.362Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-09T15:02:59.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/10/09/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache XML Graphics FOP",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.9",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "c1gar of Shanxi Normal University"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability in Apache XML Graphics FOP.\u003c/p\u003e\u003cp\u003eThis issue affects Apache XML Graphics FOP: 2.9.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.10, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability in Apache XML Graphics FOP.\n\nThis issue affects Apache XML Graphics FOP: 2.9.\n\nUsers are recommended to upgrade to version 2.10, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T12:04:03.835Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://xmlgraphics.apache.org/security.html"
        }
      ],
      "source": {
        "defect": [
          "FOP-3168"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache XML Graphics FOP: XML External Entity (XXE) Processing",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-28168",
    "datePublished": "2024-10-09T12:04:03.835Z",
    "dateReserved": "2024-03-06T07:55:11.018Z",
    "dateUpdated": "2024-10-09T15:02:59.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29857 (GCVE-0-2024-29857)

Vulnerability from cvelistv5 – Published: 2024-05-09 04:17 – Updated: 2025-02-13 15:47

Summary

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

3 references

URL	Tags
https://www.bouncycastle.org/latest_releases.html
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…
https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-06T13:09:29.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bouncycastle.org/latest_releases.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241206-0008/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bc-java",
            "vendor": "bouncycastle",
            "versions": [
              {
                "lessThanOrEqual": "1.77",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:bouncycastle:bc-fja:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bc-fja",
            "vendor": "bouncycastle",
            "versions": [
              {
                "lessThanOrEqual": "1.0.2.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:bouncycastle:bc_c_.net:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bc_c_.net",
            "vendor": "bouncycastle",
            "versions": [
              {
                "lessThanOrEqual": "2.3.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-29857",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T19:32:50.624122Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T18:48:02.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T16:50:06.548Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.bouncycastle.org/latest_releases.html"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857"
        },
        {
          "url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-29857",
    "datePublished": "2024-05-09T04:17:29.645Z",
    "dateReserved": "2024-03-21T00:00:00.000Z",
    "dateUpdated": "2025-02-13T15:47:48.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38476 (GCVE-0-2024-38476)

Vulnerability from cvelistv5 – Published: 2024-07-01 18:15 – Updated: 2025-11-03 21:55

Title

Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect

Summary

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Severity

No CVSS data available.

CWE

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Assigner

apache

References

2 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://security.netapp.com/advisory/ntap-2024071…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.0 , ≤ 2.4.59 (semver)

Credits

Orange Tsai (@orange_8361) from DEVCORE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "http_server",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "2.4.59",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38476",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-29T03:55:12.524796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T16:42:18.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:42.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/07/01/9"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.59",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Orange Tsai (@orange_8361) from DEVCORE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ebackend applications whose response headers are malicious or exploitable.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
            }
          ],
          "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u00a0backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-829",
              "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-12T14:06:14.537Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-01T12:00:00.000Z",
          "value": "reported"
        }
      ],
      "title": "Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-38476",
    "datePublished": "2024-07-01T18:15:40.071Z",
    "dateReserved": "2024-06-17T11:10:56.470Z",
    "dateUpdated": "2025-11-03T21:55:42.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40896 (GCVE-0-2024-40896)

Vulnerability from cvelistv5 – Published: 2024-12-23 00:00 – Updated: 2025-02-28 13:07

Summary

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

mitre

References

2 references

URL	Tags
https://gitlab.gnome.org/GNOME/libxml2/-/issues/761
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1…

Impacted products

1 product

Vendor	Product	Version
libxml2	libxml2	Affected: 2.11.0 , < 2.11.9 (semver) Affected: 2.12.0 , < 2.12.9 (semver) Affected: 2.13.0 , < 2.13.3 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-24T02:10:22.590277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-24T02:11:06.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-28T13:07:30.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250228-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libxml2",
          "vendor": "libxml2",
          "versions": [
            {
              "lessThan": "2.11.9",
              "status": "affected",
              "version": "2.11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.9",
              "status": "affected",
              "version": "2.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.3",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-23T17:21:42.188Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/761"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-40896",
    "datePublished": "2024-12-23T00:00:00.000Z",
    "dateReserved": "2024-07-12T00:00:00.000Z",
    "dateUpdated": "2025-02-28T13:07:30.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

NCSC-2025-0128

CVE-2020-13936 (GCVE-0-2020-13936)

CVE-2020-25649 (GCVE-0-2020-25649)

CVE-2023-26464 (GCVE-0-2023-26464)

CVE-2024-11053 (GCVE-0-2024-11053)

CVE-2024-11612 (GCVE-0-2024-11612)

CVE-2024-25710 (GCVE-0-2024-25710)

CVE-2024-28168 (GCVE-0-2024-28168)

CVE-2024-29857 (GCVE-0-2024-29857)

CVE-2024-38476 (GCVE-0-2024-38476)

CVE-2024-40896 (GCVE-0-2024-40896)

Tags

Sightings

Nomenclature