NCSC-2025-0028

Vulnerability from csaf_ncscnl - Published: 2025-01-22 13:36 - Updated: 2025-01-22 13:36
Summary
Kwetsbaarheden verholpen in Oracle Analytics
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-416: Use After Free
CWE-476: NULL Pointer Dereference
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-502: Deserialization of Untrusted Data
CWE-248: Uncaught Exception
CWE-674: Uncontrolled Recursion
CWE-611: Improper Restriction of XML External Entity Reference
CWE-787: Out-of-bounds Write
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-789: Memory Allocation with Excessive Size Value
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1395: Dependency on Vulnerable Third-Party Component
CWE-670: Always-Incorrect Control Flow Implementation
CWE-399: CWE-399
CWE-326: Inadequate Encryption Strength
CWE-669: Incorrect Resource Transfer Between Spheres
CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-834: Excessive Iteration
CWE-311: Missing Encryption of Sensitive Data
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-125: Out-of-bounds Read
CWE-404: Improper Resource Shutdown or Release
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333: Inefficient Regular Expression Complexity
CVE-2016-10000
CVE-2020-2849
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2020-7760
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2020-13956
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
CVE-2020-28975
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2021-23926
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*
CVE-2021-33813
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-611 - Improper Restriction of XML External Entity Reference
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
CVE-2022-40150
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-404 - Improper Resource Shutdown or Release
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
CVE-2023-2976
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-552 - Files or Directories Accessible to External Parties
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-4785
CWE-248 - Uncaught Exception
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-7272
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-24998
CWE-404 - Improper Resource Shutdown or Release
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
CVE-2023-25399
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-401 - Missing Release of Memory after Effective Lifetime
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-29824
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-32732
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-440 - Expected Behavior Violation
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-33202
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:prior_to_7.8.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-33953
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-834 - Excessive Iteration
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-43804
8.1 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-44487
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 - Uncontrolled Resource Consumption
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-45803
4.4 (Medium)
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2023-50782
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-208 - Observable Timing Discrepancy
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-0727
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
CVE-2024-1135
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-4741
CWE-416 - Use After Free
Affected products
Product Identifier Version Remediation
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
CVE-2024-5535
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-7254
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
CWE-20 - Improper Input Validation
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-22195
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-26130
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 - NULL Pointer Dereference
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-29025
7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
CVE-2024-29131
8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-787 - Out-of-bounds Write
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-34064
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Product Identifier Version Remediation
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
business_intelligence_enterprise_edition
oracle
 cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-35195
5.7 (Medium)
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
CWE-670 - Always-Incorrect Control Flow Implementation
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-36114
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE-125 - Out-of-bounds Read
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-37891
4.4 (Medium)
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-669 - Incorrect Resource Transfer Between Spheres
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2024-38809
8.0 (High)
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-1333 - Inefficient Regular Expression Complexity
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
CVE-2024-38820
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-284 - Improper Access Control
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
CVE-2024-43382
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE-311 - Missing Encryption of Sensitive Data
Affected products
Product Identifier Version Remediation
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
bi_publisher
oracle
 cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
CVE-2024-47561
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-502 - Deserialization of Untrusted Data
Affected products
Product Identifier Version Remediation
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
business_intelligence
oracle
 cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
CVE-2025-21532
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Product Identifier Version Remediation
analytics_desktop
oracle
 cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:*
References
URL Category
https://www.oracle.com/security-alerts/cpujan2025.html external
https://api.ncsc.nl/velma/v1/vulnerabilities/2016… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024… self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025… self
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Uncaught Exception",
        "title": "CWE-248"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Dependency on Vulnerable Third-Party Component",
        "title": "CWE-1395"
      },
      {
        "category": "general",
        "text": "Always-Incorrect Control Flow Implementation",
        "title": "CWE-670"
      },
      {
        "category": "general",
        "text": "CWE-399",
        "title": "CWE-399"
      },
      {
        "category": "general",
        "text": "Inadequate Encryption Strength",
        "title": "CWE-326"
      },
      {
        "category": "general",
        "text": "Incorrect Resource Transfer Between Spheres",
        "title": "CWE-669"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
        "title": "CWE-776"
      },
      {
        "category": "general",
        "text": "Excessive Iteration",
        "title": "CWE-834"
      },
      {
        "category": "general",
        "text": "Missing Encryption of Sensitive Data",
        "title": "CWE-311"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujan2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Analytics",
    "tracking": {
      "current_release_date": "2025-01-22T13:36:58.196605Z",
      "id": "NCSC-2025-0028",
      "initial_release_date": "2025-01-22T13:36:58.196605Z",
      "revision_history": [
        {
          "date": "2025-01-22T13:36:58.196605Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1503296",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-220360",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:enterprise:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-135810",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-219994",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:enterprise:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-219817",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:enterprise:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1503297",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-257324",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1503298",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence",
            "product": {
              "name": "business_intelligence",
              "product_id": "CSAFPID-1650736",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765384",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764234",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765387",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764778",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764929",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764235",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764930",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764236",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-1503574",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-1503573",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765388",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764727",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764729",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765383",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765385",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765389",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764725",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764728",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764730",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-764726",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "business_intelligence_enterprise_edition",
            "product": {
              "name": "business_intelligence_enterprise_edition",
              "product_id": "CSAFPID-765386",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-9197",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-9493",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220546",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-228391",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220545",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-220560",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bi_publisher",
            "product": {
              "name": "bi_publisher",
              "product_id": "CSAFPID-1673195",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-816763",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-816761",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-816762",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-1751172",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:8.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-1650735",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:prior_to_7.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "analytics_desktop",
            "product": {
              "name": "analytics_desktop",
              "product_id": "CSAFPID-1751157",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-10000",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2016-10000",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2016/CVE-2016-10000.json"
        }
      ],
      "title": "CVE-2016-10000"
    },
    {
      "cve": "CVE-2020-2849",
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-2849",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-2849.json"
        }
      ],
      "title": "CVE-2020-2849"
    },
    {
      "cve": "CVE-2020-7760",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-765383",
          "CSAFPID-765384",
          "CSAFPID-765385",
          "CSAFPID-765386",
          "CSAFPID-765387",
          "CSAFPID-765388",
          "CSAFPID-765389",
          "CSAFPID-764778",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-7760",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-7760.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-765383",
            "CSAFPID-765384",
            "CSAFPID-765385",
            "CSAFPID-765386",
            "CSAFPID-765387",
            "CSAFPID-765388",
            "CSAFPID-765389",
            "CSAFPID-764778",
            "CSAFPID-816761",
            "CSAFPID-816762",
            "CSAFPID-816763",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2020-7760"
    },
    {
      "cve": "CVE-2020-13956",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-228391",
          "CSAFPID-764778",
          "CSAFPID-220546",
          "CSAFPID-9197",
          "CSAFPID-764929",
          "CSAFPID-764930",
          "CSAFPID-765383",
          "CSAFPID-765384",
          "CSAFPID-765385",
          "CSAFPID-765386",
          "CSAFPID-765387",
          "CSAFPID-765388",
          "CSAFPID-765389",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-1503574",
          "CSAFPID-257324",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-13956",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-228391",
            "CSAFPID-764778",
            "CSAFPID-220546",
            "CSAFPID-9197",
            "CSAFPID-764929",
            "CSAFPID-764930",
            "CSAFPID-765383",
            "CSAFPID-765384",
            "CSAFPID-765385",
            "CSAFPID-765386",
            "CSAFPID-765387",
            "CSAFPID-765388",
            "CSAFPID-765389",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-1503574",
            "CSAFPID-257324",
            "CSAFPID-135810"
          ]
        }
      ],
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2020-28975",
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-28975",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-28975.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2020-28975"
    },
    {
      "cve": "CVE-2021-23926",
      "cwe": {
        "id": "CWE-776",
        "name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
          "title": "CWE-776"
        },
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764234",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764235",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-764236",
          "CSAFPID-9493",
          "CSAFPID-764778",
          "CSAFPID-228391",
          "CSAFPID-135810",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-220546",
          "CSAFPID-9197",
          "CSAFPID-764929",
          "CSAFPID-764930"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-23926",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23926.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764234",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764235",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-764236",
            "CSAFPID-9493",
            "CSAFPID-764778",
            "CSAFPID-228391",
            "CSAFPID-135810",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-220546",
            "CSAFPID-9197",
            "CSAFPID-764929",
            "CSAFPID-764930"
          ]
        }
      ],
      "title": "CVE-2021-23926"
    },
    {
      "cve": "CVE-2021-33813",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764234",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764235",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-764236",
          "CSAFPID-9197",
          "CSAFPID-9493",
          "CSAFPID-228391",
          "CSAFPID-764778",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-765383",
          "CSAFPID-765384",
          "CSAFPID-765385",
          "CSAFPID-765386",
          "CSAFPID-765387",
          "CSAFPID-765388",
          "CSAFPID-765389",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-33813",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33813.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764234",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764235",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-764236",
            "CSAFPID-9197",
            "CSAFPID-9493",
            "CSAFPID-228391",
            "CSAFPID-764778",
            "CSAFPID-816761",
            "CSAFPID-816762",
            "CSAFPID-816763",
            "CSAFPID-765383",
            "CSAFPID-765384",
            "CSAFPID-765385",
            "CSAFPID-765386",
            "CSAFPID-765387",
            "CSAFPID-765388",
            "CSAFPID-765389",
            "CSAFPID-135810"
          ]
        }
      ],
      "title": "CVE-2021-33813"
    },
    {
      "cve": "CVE-2022-40150",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764234",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764235",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-764236",
          "CSAFPID-9493",
          "CSAFPID-764778",
          "CSAFPID-228391",
          "CSAFPID-135810",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-40150",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40150.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764725",
            "CSAFPID-764726",
            "CSAFPID-764234",
            "CSAFPID-764727",
            "CSAFPID-764728",
            "CSAFPID-764235",
            "CSAFPID-764729",
            "CSAFPID-764730",
            "CSAFPID-764236",
            "CSAFPID-9493",
            "CSAFPID-764778",
            "CSAFPID-228391",
            "CSAFPID-135810",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574"
          ]
        }
      ],
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "other",
          "text": "Files or Directories Accessible to External Parties",
          "title": "CWE-552"
        },
        {
          "category": "other",
          "text": "Creation of Temporary File in Directory with Insecure Permissions",
          "title": "CWE-379"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-2976",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-816761",
            "CSAFPID-816762",
            "CSAFPID-816763",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-4785",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncaught Exception",
          "title": "CWE-248"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4785",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4785.json"
        }
      ],
      "title": "CVE-2023-4785"
    },
    {
      "cve": "CVE-2023-7272",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-7272",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7272.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-7272"
    },
    {
      "cve": "CVE-2023-24998",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-399",
          "title": "CWE-399"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-764778",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-764725",
          "CSAFPID-764726",
          "CSAFPID-764727",
          "CSAFPID-764728",
          "CSAFPID-764729",
          "CSAFPID-764730",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-24998",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
        }
      ],
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-25399",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Release of Memory after Effective Lifetime",
          "title": "CWE-401"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-25399",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-25399.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-25399"
    },
    {
      "cve": "CVE-2023-29824",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-29824",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29824.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-29824"
    },
    {
      "cve": "CVE-2023-32732",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-32732",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32732.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-32732"
    },
    {
      "cve": "CVE-2023-33202",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650735",
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-33202",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33202.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650735",
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-33202"
    },
    {
      "cve": "CVE-2023-33953",
      "cwe": {
        "id": "CWE-834",
        "name": "Excessive Iteration"
      },
      "notes": [
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-33953",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33953.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-33953"
    },
    {
      "cve": "CVE-2023-43804",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-43804",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43804.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-43804"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220545",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764235",
          "CSAFPID-764236",
          "CSAFPID-816761",
          "CSAFPID-816762",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-44487",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220545",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764235",
            "CSAFPID-764236",
            "CSAFPID-816761",
            "CSAFPID-816762",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45803",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45803",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45803.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-45803"
    },
    {
      "cve": "CVE-2023-50782",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Timing Discrepancy",
          "title": "CWE-208"
        },
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-50782",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50782.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2023-50782"
    },
    {
      "cve": "CVE-2024-0727",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-135810",
          "CSAFPID-1650736",
          "CSAFPID-257324",
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0727",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-135810",
            "CSAFPID-1650736",
            "CSAFPID-257324",
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574"
          ]
        }
      ],
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-1135",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-1135",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1135.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-1135"
    },
    {
      "cve": "CVE-2024-4741",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574",
          "CSAFPID-1650736",
          "CSAFPID-257324",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4741",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json"
        }
      ],
      "title": "CVE-2024-4741"
    },
    {
      "cve": "CVE-2024-5535",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Dependency on Vulnerable Third-Party Component",
          "title": "CWE-1395"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-135810",
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-5535",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-135810",
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7254",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-22195",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22195",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-22195"
    },
    {
      "cve": "CVE-2024-26130",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-9493",
          "CSAFPID-220560",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26130",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-9493",
            "CSAFPID-220560",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-26130"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574",
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29025",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-1503574",
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-29131",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324",
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574",
          "CSAFPID-1650736"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29131",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324",
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-1503574",
            "CSAFPID-1650736"
          ]
        }
      ],
      "title": "CVE-2024-29131"
    },
    {
      "cve": "CVE-2024-34064",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-816763",
          "CSAFPID-1503573",
          "CSAFPID-765385",
          "CSAFPID-764234",
          "CSAFPID-764236",
          "CSAFPID-1503574",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-34064",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816763",
            "CSAFPID-1503573",
            "CSAFPID-765385",
            "CSAFPID-764234",
            "CSAFPID-764236",
            "CSAFPID-1503574",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-34064"
    },
    {
      "cve": "CVE-2024-35195",
      "cwe": {
        "id": "CWE-670",
        "name": "Always-Incorrect Control Flow Implementation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Always-Incorrect Control Flow Implementation",
          "title": "CWE-670"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-35195",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-35195"
    },
    {
      "cve": "CVE-2024-36114",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36114",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-36114"
    },
    {
      "cve": "CVE-2024-37891",
      "cwe": {
        "id": "CWE-669",
        "name": "Incorrect Resource Transfer Between Spheres"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Resource Transfer Between Spheres",
          "title": "CWE-669"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-37891"
    },
    {
      "cve": "CVE-2024-38809",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195",
          "CSAFPID-1650736",
          "CSAFPID-257324",
          "CSAFPID-135810"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38809",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195",
            "CSAFPID-1650736",
            "CSAFPID-257324",
            "CSAFPID-135810"
          ]
        }
      ],
      "title": "CVE-2024-38809"
    },
    {
      "cve": "CVE-2024-38820",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Handling of Case Sensitivity",
          "title": "CWE-178"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38820",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-38820"
    },
    {
      "cve": "CVE-2024-43382",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Encryption of Sensitive Data",
          "title": "CWE-311"
        },
        {
          "category": "other",
          "text": "Inadequate Encryption Strength",
          "title": "CWE-326"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-220560",
          "CSAFPID-1673195"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-43382",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43382.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-220560",
            "CSAFPID-1673195"
          ]
        }
      ],
      "title": "CVE-2024-43382"
    },
    {
      "cve": "CVE-2024-47561",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650736",
          "CSAFPID-257324"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47561",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650736",
            "CSAFPID-257324"
          ]
        }
      ],
      "title": "CVE-2024-47561"
    },
    {
      "cve": "CVE-2025-21532",
      "product_status": {
        "known_affected": [
          "CSAFPID-1751157"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21532",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21532.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751157"
          ]
        }
      ],
      "title": "CVE-2025-21532"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.