Vulnerability-Lookup

NCSC-2025-0123

Vulnerability from csaf_ncscnl - Published: 2025-04-16 08:37 - Updated: 2025-04-16 08:37

Summary

Kwetsbaarheden verholpen in Oracle Database Producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.

Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores variërend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-385: Covert Timing Channel

CWE-347: Improper Verification of Cryptographic Signature

CWE-1286: Improper Validation of Syntactic Correctness of Input

CWE-125: Out-of-bounds Read

CWE-404: Improper Resource Shutdown or Release

CWE-400: Uncontrolled Resource Consumption

CWE-502: Deserialization of Untrusted Data

CWE-918: Server-Side Request Forgery (SSRF)

CWE-787: Out-of-bounds Write

CWE-20: Improper Input Validation

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-44: Path Equivalence: 'file.name' (Internal Dot)

CWE-226: Sensitive Information in Resource Not Removed Before Reuse

CWE-706: Use of Incorrectly-Resolved Name or Reference

CWE-669: Incorrect Resource Transfer Between Spheres

CWE-755: Improper Handling of Exceptional Conditions

CWE-178: Improper Handling of Case Sensitivity

CWE-193: Off-by-one Error

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-523: Unprotected Transport of Credentials

CWE-190: Integer Overflow or Wraparound

CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-285: Improper Authorization

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-284: Improper Access Control

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-476: NULL Pointer Dereference

CWE-459: Incomplete Cleanup

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-674: Uncontrolled Recursion

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-122: Heap-based Buffer Overflow

CWE-121: Stack-based Buffer Overflow

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-269: Improper Privilege Management

CWE-287: Improper Authentication

CVE-2020-1935

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2020-1938

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-285 - Improper Authorization

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2020-9484

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2020-11996

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2020-13935

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2020-13943

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2020-36843

4.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-24122

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-25122

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-25329

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-30640

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-287 - Improper Authentication

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-33037

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-41079

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-41184

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-42575

CWE-20 - Improper Input Validation

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2021-43980

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2022-3786

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-193 - Off-by-one Error

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2022-25762

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-226 - Sensitive Information in Resource Not Removed Before Reuse

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2022-42252

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2023-28708

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2023-34053

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2023-41080

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2023-42795

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-459 - Incomplete Cleanup

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2023-45648

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2023-46589

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-6763

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-8176

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-8184

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-9143

CWE-787 - Out-of-bounds Write

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-11053

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-11233

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-11234

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-11236

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-13176

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-385 - Covert Timing Channel

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-23672

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-459 - Incomplete Cleanup

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-24549

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-36114

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-37891

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-669 - Incorrect Resource Transfer Between Spheres

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-38819

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-38820

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-38999

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-39338

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-47554

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-47561

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-53382

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2024-57699

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-21578

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-24813

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-24970

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-25193

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-26791

4.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-30694

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-30701

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-30702

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-30733

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

CVE-2025-30736

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Known affected 59 products

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

References

58 references

URL	Category
https://www.oracle.com/security-alerts/cpuapr2025.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores vari\u00ebrend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Covert Timing Channel",
        "title": "CWE-385"
      },
      {
        "category": "general",
        "text": "Improper Verification of Cryptographic Signature",
        "title": "CWE-347"
      },
      {
        "category": "general",
        "text": "Improper Validation of Syntactic Correctness of Input",
        "title": "CWE-1286"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Path Equivalence: \u0027file.name\u0027 (Internal Dot)",
        "title": "CWE-44"
      },
      {
        "category": "general",
        "text": "Sensitive Information in Resource Not Removed Before Reuse",
        "title": "CWE-226"
      },
      {
        "category": "general",
        "text": "Use of Incorrectly-Resolved Name or Reference",
        "title": "CWE-706"
      },
      {
        "category": "general",
        "text": "Incorrect Resource Transfer Between Spheres",
        "title": "CWE-669"
      },
      {
        "category": "general",
        "text": "Improper Handling of Exceptional Conditions",
        "title": "CWE-755"
      },
      {
        "category": "general",
        "text": "Improper Handling of Case Sensitivity",
        "title": "CWE-178"
      },
      {
        "category": "general",
        "text": "Off-by-one Error",
        "title": "CWE-193"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Unprotected Transport of Credentials",
        "title": "CWE-523"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
        "title": "CWE-614"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Incomplete Cleanup",
        "title": "CWE-459"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
        "title": "CWE-74"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Improper Privilege Management",
        "title": "CWE-269"
      },
      {
        "category": "general",
        "text": "Improper Authentication",
        "title": "CWE-287"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Database Producten",
    "tracking": {
      "current_release_date": "2025-04-16T08:37:39.412900Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0123",
      "initial_release_date": "2025-04-16T08:37:39.412900Z",
      "revision_history": [
        {
          "date": "2025-04-16T08:37:39.412900Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/22.1",
                    "product": {
                      "name": "vers:unknown/22.1",
                      "product_id": "CSAFPID-1304603"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Database Server"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/13.5.0.0",
                    "product": {
                      "name": "vers:unknown/13.5.0.0",
                      "product_id": "CSAFPID-1201359"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Enterprise Manager for Oracle Database"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
                    "product": {
                      "name": "vers:unknown/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
                      "product_id": "CSAFPID-2698376"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/\u003e=21.3|\u003c=21.17",
                    "product": {
                      "name": "vers:unknown/\u003e=21.3|\u003c=21.17",
                      "product_id": "CSAFPID-2698377"
                    }
                  }
                ],
                "category": "product_name",
                "name": "GoldenGate"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/23.1",
                    "product": {
                      "name": "vers:oracle/23.1",
                      "product_id": "CSAFPID-1238473"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/2.0",
                    "product": {
                      "name": "vers:unknown/2.0",
                      "product_id": "CSAFPID-1237753"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/20.2",
                    "product": {
                      "name": "vers:unknown/20.2",
                      "product_id": "CSAFPID-1238475"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/23.1",
                    "product": {
                      "name": "vers:unknown/23.1",
                      "product_id": "CSAFPID-1296375"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/none",
                    "product": {
                      "name": "vers:unknown/none",
                      "product_id": "CSAFPID-1237603"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Big Data Spatial and Graph"
              }
            ],
            "category": "product_family",
            "name": "Oracle"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:oracle/\u003e=19.3|\u003c=19.22",
                "product": {
                  "name": "vers:oracle/\u003e=19.3|\u003c=19.22",
                  "product_id": "CSAFPID-1145825"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:oracle/\u003e=21.3|\u003c=21.13",
                "product": {
                  "name": "vers:oracle/\u003e=21.3|\u003c=21.13",
                  "product_id": "CSAFPID-1145826"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Database Server"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=19.3|\u003c=19.26",
                    "product": {
                      "name": "vers:oracle/\u003e=19.3|\u003c=19.26",
                      "product_id": "CSAFPID-2698969",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=21.3|\u003c=21.17",
                    "product": {
                      "name": "vers:oracle/\u003e=21.3|\u003c=21.17",
                      "product_id": "CSAFPID-2698968",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=21.4|\u003c=21.16",
                    "product": {
                      "name": "vers:oracle/\u003e=21.4|\u003c=21.16",
                      "product_id": "CSAFPID-1839905",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=23.4|\u003c=23.7",
                    "product": {
                      "name": "vers:oracle/\u003e=23.4|\u003c=23.7",
                      "product_id": "CSAFPID-2698934",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Database Server"
              }
            ],
            "category": "product_family",
            "name": "Oracle Database Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:oracle/13.5.0.0",
                "product": {
                  "name": "vers:oracle/13.5.0.0",
                  "product_id": "CSAFPID-1144644"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Manager for Oracle Database"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/1.5.0",
                    "product": {
                      "name": "vers:oracle/1.5.0",
                      "product_id": "CSAFPID-2699002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/1.6.0",
                    "product": {
                      "name": "vers:oracle/1.6.0",
                      "product_id": "CSAFPID-2699003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:nosql_database:1.6.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/1.6.1",
                    "product": {
                      "name": "vers:oracle/1.6.1",
                      "product_id": "CSAFPID-2699004",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:nosql_database:1.6.1:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle NoSQL Database"
              }
            ],
            "category": "product_family",
            "name": "Oracle NoSQL Database"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=22.1.1.1.0|\u003c=22.1.1.30.0",
                    "product": {
                      "name": "vers:oracle/\u003e=22.1.1.1.0|\u003c=22.1.1.30.0",
                      "product_id": "CSAFPID-2699053",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle TimesTen In-Memory Database"
              }
            ],
            "category": "product_family",
            "name": "Oracle TimesTen In-Memory Database"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/25.1.0",
                    "product": {
                      "name": "vers:oracle/25.1.0",
                      "product_id": "CSAFPID-2698932",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/25.2.0",
                    "product": {
                      "name": "vers:oracle/25.2.0",
                      "product_id": "CSAFPID-2698931",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=23.8.0|\u003c=23.11.0",
                    "product": {
                      "name": "vers:oracle/\u003e=23.8.0|\u003c=23.11.0",
                      "product_id": "CSAFPID-2698930",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=24.1.0|\u003c=24.11.0",
                    "product": {
                      "name": "vers:oracle/\u003e=24.1.0|\u003c=24.11.0",
                      "product_id": "CSAFPID-2698933",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Autonomous Health Framework"
              }
            ],
            "category": "product_family",
            "name": "Oracle Autonomous Health Framework"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/21.7.1.0.0",
                    "product": {
                      "name": "vers:oracle/21.7.1.0.0",
                      "product_id": "CSAFPID-2698943",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:essbase:21.7.1.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Essbase"
              }
            ],
            "category": "product_family",
            "name": "Oracle Essbase"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.10",
                    "product": {
                      "name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.10",
                      "product_id": "CSAFPID-2698949",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "GoldenGate Stream Analytics"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
                    "product": {
                      "name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.26.0.0.250219",
                      "product_id": "CSAFPID-2698941",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=21.3|\u003c=21.17",
                    "product": {
                      "name": "vers:oracle/\u003e=21.3|\u003c=21.17",
                      "product_id": "CSAFPID-2698942",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.17:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=23.4|\u003c=23.7",
                    "product": {
                      "name": "vers:oracle/\u003e=23.4|\u003c=23.7",
                      "product_id": "CSAFPID-2699022",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.7:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle GoldenGate"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.18",
                    "product": {
                      "name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.18",
                      "product_id": "CSAFPID-1839977",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=21.3.0.0.0|\u003c=21.16.0.0.0",
                    "product": {
                      "name": "vers:oracle/\u003e=21.3.0.0.0|\u003c=21.16.0.0.0",
                      "product_id": "CSAFPID-1840034",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/\u003e=23.4|\u003c=23.6",
                    "product": {
                      "name": "vers:oracle/\u003e=23.4|\u003c=23.6",
                      "product_id": "CSAFPID-1840035",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle GoldenGate Big Data and Application Adapters"
              }
            ],
            "category": "product_family",
            "name": "Oracle GoldenGate"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.7",
                "product": {
                  "name": "vers:oracle/\u003e=19.1.0.0.0|\u003c=19.1.0.0.7",
                  "product_id": "CSAFPID-1144602"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle GoldenGate Stream Analytics"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:oracle/\u003c23.1",
                "product": {
                  "name": "vers:oracle/\u003c23.1",
                  "product_id": "CSAFPID-1145800"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/2.0",
                "product": {
                  "name": "vers:unknown/2.0",
                  "product_id": "CSAFPID-356315",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:unknown/23.1",
                "product": {
                  "name": "vers:unknown/23.1",
                  "product_id": "CSAFPID-356152"
                }
              }
            ],
            "category": "product_name",
            "name": "Big Data Spatial and Graph"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/23.4.3",
                    "product": {
                      "name": "vers:oracle/23.4.3",
                      "product_id": "CSAFPID-2699065",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.3:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/24.3.0",
                    "product": {
                      "name": "vers:oracle/24.3.0",
                      "product_id": "CSAFPID-2699066",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.3.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/23.4.4",
                    "product": {
                      "name": "vers:oracle/23.4.4",
                      "product_id": "CSAFPID-1840017",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.4:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/24.4.0",
                    "product": {
                      "name": "vers:oracle/24.4.0",
                      "product_id": "CSAFPID-1840013",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.4.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Graph Server and Client"
              }
            ],
            "category": "product_family",
            "name": "Oracle Graph Server and Client"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:oracle/\u003c=22.4.7",
                "product": {
                  "name": "vers:oracle/\u003c=22.4.7",
                  "product_id": "CSAFPID-1145419",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:oracle/\u003c=23.4.2",
                "product": {
                  "name": "vers:oracle/\u003c=23.4.2",
                  "product_id": "CSAFPID-1145421",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:oracle/\u003c=24.1.0",
                "product": {
                  "name": "vers:oracle/\u003c=24.1.0",
                  "product_id": "CSAFPID-1145422",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Graph Server and Client"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:oracle/3.0.6",
                "product": {
                  "name": "vers:oracle/3.0.6",
                  "product_id": "CSAFPID-1145420",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Big Data Spatial and Graph"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.1.0.1",
                    "product": {
                      "name": "vers:oracle/12.1.0.1",
                      "product_id": "CSAFPID-2699109",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.1:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.1.0.2",
                    "product": {
                      "name": "vers:oracle/12.1.0.2",
                      "product_id": "CSAFPID-2699107",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.2:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/12.1.0.3",
                    "product": {
                      "name": "vers:oracle/12.1.0.3",
                      "product_id": "CSAFPID-2699106",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:secure_backup:12.1.0.3:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/18.1.0.0",
                    "product": {
                      "name": "vers:oracle/18.1.0.0",
                      "product_id": "CSAFPID-2699110",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.0:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/18.1.0.1",
                    "product": {
                      "name": "vers:oracle/18.1.0.1",
                      "product_id": "CSAFPID-2698972",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:oracle/18.1.0.2",
                    "product": {
                      "name": "vers:oracle/18.1.0.2",
                      "product_id": "CSAFPID-2699108",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oracle Secure Backup"
              }
            ],
            "category": "product_family",
            "name": "Oracle Secure Backup"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:semver/19.3|\u003c=19.26",
                "product": {
                  "name": "vers:semver/19.3|\u003c=19.26",
                  "product_id": "CSAFPID-2698485"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/21.3|\u003c=21.17",
                "product": {
                  "name": "vers:semver/21.3|\u003c=21.17",
                  "product_id": "CSAFPID-2698486"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/23.4|\u003c=23.7",
                "product": {
                  "name": "vers:semver/23.4|\u003c=23.7",
                  "product_id": "CSAFPID-2698487"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Database Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:semver/12.1.0.1",
                "product": {
                  "name": "vers:semver/12.1.0.1",
                  "product_id": "CSAFPID-2698463"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/12.1.0.2",
                "product": {
                  "name": "vers:semver/12.1.0.2",
                  "product_id": "CSAFPID-2698464"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/12.1.0.3",
                "product": {
                  "name": "vers:semver/12.1.0.3",
                  "product_id": "CSAFPID-2698465"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/18.1.0.0",
                "product": {
                  "name": "vers:semver/18.1.0.0",
                  "product_id": "CSAFPID-2698466"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/18.1.0.1",
                "product": {
                  "name": "vers:semver/18.1.0.1",
                  "product_id": "CSAFPID-2698467"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/18.1.0.2",
                "product": {
                  "name": "vers:semver/18.1.0.2",
                  "product_id": "CSAFPID-2698468"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Secure Backup"
          }
        ],
        "category": "vendor",
        "name": "Oracle Corporation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1935",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-1935",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1935.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2020-1935"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-1938",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1938.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2020-1938"
    },
    {
      "cve": "CVE-2020-9484",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-9484",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-9484.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2020-9484"
    },
    {
      "cve": "CVE-2020-11996",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-11996",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11996.json"
        }
      ],
      "title": "CVE-2020-11996"
    },
    {
      "cve": "CVE-2020-13935",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-13935",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13935.json"
        }
      ],
      "title": "CVE-2020-13935"
    },
    {
      "cve": "CVE-2020-13943",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-13943",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13943.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2020-13943"
    },
    {
      "cve": "CVE-2020-36843",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Verification of Cryptographic Signature",
          "title": "CWE-347"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-36843",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36843.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2020-36843"
    },
    {
      "cve": "CVE-2021-24122",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-24122",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-24122.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2021-24122"
    },
    {
      "cve": "CVE-2021-25122",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-25122",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25122.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2021-25122"
    },
    {
      "cve": "CVE-2021-25329",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-25329",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25329.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2021-25329"
    },
    {
      "cve": "CVE-2021-30640",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authentication",
          "title": "CWE-287"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-30640",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-30640.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2021-30640"
    },
    {
      "cve": "CVE-2021-33037",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-33037",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33037.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2021-33037"
    },
    {
      "cve": "CVE-2021-41079",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-41079",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41079.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2021-41079"
    },
    {
      "cve": "CVE-2021-41184",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-41184",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2021-41184"
    },
    {
      "cve": "CVE-2021-42575",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-42575",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-42575.json"
        }
      ],
      "title": "CVE-2021-42575"
    },
    {
      "cve": "CVE-2021-43980",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-43980",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43980.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2021-43980"
    },
    {
      "cve": "CVE-2022-3786",
      "cwe": {
        "id": "CWE-193",
        "name": "Off-by-one Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Off-by-one Error",
          "title": "CWE-193"
        },
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        },
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-3786",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3786.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2022-3786"
    },
    {
      "cve": "CVE-2022-25762",
      "cwe": {
        "id": "CWE-226",
        "name": "Sensitive Information in Resource Not Removed Before Reuse"
      },
      "notes": [
        {
          "category": "other",
          "text": "Sensitive Information in Resource Not Removed Before Reuse",
          "title": "CWE-226"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Improper Handling of Exceptional Conditions",
          "title": "CWE-755"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-25762",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-25762.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2022-25762"
    },
    {
      "cve": "CVE-2022-42252",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-42252",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42252.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2022-42252"
    },
    {
      "cve": "CVE-2023-28708",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Unprotected Transport of Credentials",
          "title": "CWE-523"
        },
        {
          "category": "other",
          "text": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
          "title": "CWE-614"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-28708",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28708.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-34053",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-34053",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34053.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2023-34053"
    },
    {
      "cve": "CVE-2023-41080",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-41080",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41080.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2023-41080"
    },
    {
      "cve": "CVE-2023-42795",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incomplete Cleanup",
          "title": "CWE-459"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-42795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2023-42795"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-44487",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45648",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45648",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2023-45648"
    },
    {
      "cve": "CVE-2023-46589",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46589",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2023-46589"
    },
    {
      "cve": "CVE-2024-6763",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Syntactic Correctness of Input",
          "title": "CWE-1286"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6763",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
        }
      ],
      "title": "CVE-2024-6763"
    },
    {
      "cve": "CVE-2024-8176",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8176",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8176.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-8176"
    },
    {
      "cve": "CVE-2024-8184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8184",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8184.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-8184"
    },
    {
      "cve": "CVE-2024-9143",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-9143",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
        }
      ],
      "title": "CVE-2024-9143"
    },
    {
      "cve": "CVE-2024-11053",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-11053",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-11053"
    },
    {
      "cve": "CVE-2024-11233",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-11233",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11233.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-11233"
    },
    {
      "cve": "CVE-2024-11234",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "title": "CWE-74"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-11234",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11234.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-11234"
    },
    {
      "cve": "CVE-2024-11236",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-11236",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11236.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-11236"
    },
    {
      "cve": "CVE-2024-13176",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "notes": [
        {
          "category": "other",
          "text": "Covert Timing Channel",
          "title": "CWE-385"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-13176",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-13176.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-13176"
    },
    {
      "cve": "CVE-2024-23672",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incomplete Cleanup",
          "title": "CWE-459"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-23672",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-23672"
    },
    {
      "cve": "CVE-2024-24549",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24549",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-24549"
    },
    {
      "cve": "CVE-2024-36114",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36114",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-36114"
    },
    {
      "cve": "CVE-2024-37891",
      "cwe": {
        "id": "CWE-669",
        "name": "Incorrect Resource Transfer Between Spheres"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Resource Transfer Between Spheres",
          "title": "CWE-669"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37891",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-37891"
    },
    {
      "cve": "CVE-2024-38819",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38819",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-38819"
    },
    {
      "cve": "CVE-2024-38820",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Handling of Case Sensitivity",
          "title": "CWE-178"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38820",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-38820"
    },
    {
      "cve": "CVE-2024-38999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38999",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-38999"
    },
    {
      "cve": "CVE-2024-39338",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-39338",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39338.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-39338"
    },
    {
      "cve": "CVE-2024-47554",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47554",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-47561",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47561",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-47561"
    },
    {
      "cve": "CVE-2024-53382",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-53382",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53382.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-53382"
    },
    {
      "cve": "CVE-2024-57699",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-57699",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-57699.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2025-21578",
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21578",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21578.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-21578"
    },
    {
      "cve": "CVE-2025-24813",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "other",
          "text": "Path Equivalence: \u0027file.name\u0027 (Internal Dot)",
          "title": "CWE-44"
        },
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "other",
          "text": "Use of Incorrectly-Resolved Name or Reference",
          "title": "CWE-706"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24813",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24813.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-24813"
    },
    {
      "cve": "CVE-2025-24970",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24970",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-25193",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-25193",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25193.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-25193"
    },
    {
      "cve": "CVE-2025-26791",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-26791",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26791.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-26791"
    },
    {
      "cve": "CVE-2025-30694",
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30694",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30694.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-30694"
    },
    {
      "cve": "CVE-2025-30701",
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30701",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30701.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-30701"
    },
    {
      "cve": "CVE-2025-30702",
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30702",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30702.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-30702"
    },
    {
      "cve": "CVE-2025-30733",
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30733",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30733.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-30733"
    },
    {
      "cve": "CVE-2025-30736",
      "product_status": {
        "known_affected": [
          "CSAFPID-1304603",
          "CSAFPID-1201359",
          "CSAFPID-1145825",
          "CSAFPID-2698969",
          "CSAFPID-1145826",
          "CSAFPID-2698968",
          "CSAFPID-1839905",
          "CSAFPID-2698934",
          "CSAFPID-1144644",
          "CSAFPID-2699002",
          "CSAFPID-2699003",
          "CSAFPID-2699004",
          "CSAFPID-2699053",
          "CSAFPID-2698485",
          "CSAFPID-2698486",
          "CSAFPID-2698487",
          "CSAFPID-2698932",
          "CSAFPID-2698931",
          "CSAFPID-2698930",
          "CSAFPID-2698933",
          "CSAFPID-2698943",
          "CSAFPID-2698376",
          "CSAFPID-2698377",
          "CSAFPID-2698949",
          "CSAFPID-2698941",
          "CSAFPID-2698942",
          "CSAFPID-2699022",
          "CSAFPID-1839977",
          "CSAFPID-1840034",
          "CSAFPID-1840035",
          "CSAFPID-1144602",
          "CSAFPID-1238473",
          "CSAFPID-1145800",
          "CSAFPID-356315",
          "CSAFPID-1237753",
          "CSAFPID-1238475",
          "CSAFPID-1296375",
          "CSAFPID-356152",
          "CSAFPID-1237603",
          "CSAFPID-2699065",
          "CSAFPID-2699066",
          "CSAFPID-1840017",
          "CSAFPID-1840013",
          "CSAFPID-1145419",
          "CSAFPID-1145421",
          "CSAFPID-1145422",
          "CSAFPID-1145420",
          "CSAFPID-2699109",
          "CSAFPID-2699107",
          "CSAFPID-2699106",
          "CSAFPID-2699110",
          "CSAFPID-2698972",
          "CSAFPID-2699108",
          "CSAFPID-2698463",
          "CSAFPID-2698464",
          "CSAFPID-2698465",
          "CSAFPID-2698466",
          "CSAFPID-2698467",
          "CSAFPID-2698468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30736",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30736.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1304603",
            "CSAFPID-1201359",
            "CSAFPID-1145825",
            "CSAFPID-2698969",
            "CSAFPID-1145826",
            "CSAFPID-2698968",
            "CSAFPID-1839905",
            "CSAFPID-2698934",
            "CSAFPID-1144644",
            "CSAFPID-2699002",
            "CSAFPID-2699003",
            "CSAFPID-2699004",
            "CSAFPID-2699053",
            "CSAFPID-2698485",
            "CSAFPID-2698486",
            "CSAFPID-2698487",
            "CSAFPID-2698932",
            "CSAFPID-2698931",
            "CSAFPID-2698930",
            "CSAFPID-2698933",
            "CSAFPID-2698943",
            "CSAFPID-2698376",
            "CSAFPID-2698377",
            "CSAFPID-2698949",
            "CSAFPID-2698941",
            "CSAFPID-2698942",
            "CSAFPID-2699022",
            "CSAFPID-1839977",
            "CSAFPID-1840034",
            "CSAFPID-1840035",
            "CSAFPID-1144602",
            "CSAFPID-1238473",
            "CSAFPID-1145800",
            "CSAFPID-356315",
            "CSAFPID-1237753",
            "CSAFPID-1238475",
            "CSAFPID-1296375",
            "CSAFPID-356152",
            "CSAFPID-1237603",
            "CSAFPID-2699065",
            "CSAFPID-2699066",
            "CSAFPID-1840017",
            "CSAFPID-1840013",
            "CSAFPID-1145419",
            "CSAFPID-1145421",
            "CSAFPID-1145422",
            "CSAFPID-1145420",
            "CSAFPID-2699109",
            "CSAFPID-2699107",
            "CSAFPID-2699106",
            "CSAFPID-2699110",
            "CSAFPID-2698972",
            "CSAFPID-2699108",
            "CSAFPID-2698463",
            "CSAFPID-2698464",
            "CSAFPID-2698465",
            "CSAFPID-2698466",
            "CSAFPID-2698467",
            "CSAFPID-2698468"
          ]
        }
      ],
      "title": "CVE-2025-30736"
    }
  ]
}

CVE-2020-11996 (GCVE-0-2020-11996)

Vulnerability from cvelistv5 – Published: 2020-06-26 16:27 – Updated: 2024-08-04 11:48

Summary

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Severity

No CVSS data available.

CWE

Denial of Service

Assigner

apache

References

24 references

URL	Tags
https://lists.apache.org/thread.html/r5541ef6b6b6…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/ra7092f74925…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb4ee49ecc4c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb820f1a2a02…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8f748458945…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r74f5a8204ef…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rea65d6ef2e4…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc80b96b4b96…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r93ca628ef3a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8f3d416c193…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9ad911fe494…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ref0339792ac…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6c29801370a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3ea96d8f36d…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2020/dsa-4727	vendor-advisoryx_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.apache.org/thread.html/r2529016c311…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020070…	x_refsource_CONFIRM
https://usn.ubuntu.com/4596-1/	vendor-advisoryx_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/r5a4f80a6acc…	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
Apache	Apache Tomcat	Affected: 10.0.0-M1 to 10.0.0-M5 Affected: 9.0.0.M1 to 9.0.35 Affected: 8.5.0 to 8.5.55

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Closed] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch release18.12 updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9%40%3Ccommits.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Closed] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch release17.12 updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b%40%3Ccommits.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch trunk updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561%40%3Ccommits.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200701 [jira] [Reopened] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200703 [jira] [Comment Edited] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200703 [jira] [Closed] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200703 [jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
          },
          {
            "name": "DSA-4727",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4727"
          },
          {
            "name": "openSUSE-SU-2020:1051",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2020:1063",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html"
          },
          {
            "name": "[tomcat-users] 20201008 Is Tomcat7 supports HTTP2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200709-0002/"
          },
          {
            "name": "USN-4596-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4596-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[ofbiz-notifications] 20210301 [jira] [Updated] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2%40%3Cnotifications.ofbiz.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0-M1 to 10.0.0-M5"
            },
            {
              "status": "affected",
              "version": "9.0.0.M1 to 9.0.35"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.55"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-01T20:06:29.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Closed] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch release18.12 updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9%40%3Ccommits.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Closed] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch release17.12 updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b%40%3Ccommits.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch trunk updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561%40%3Ccommits.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200701 [jira] [Reopened] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200703 [jira] [Comment Edited] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200703 [jira] [Closed] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200703 [jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
        },
        {
          "name": "DSA-4727",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4727"
        },
        {
          "name": "openSUSE-SU-2020:1051",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2020:1063",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html"
        },
        {
          "name": "[tomcat-users] 20201008 Is Tomcat7 supports HTTP2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200709-0002/"
        },
        {
          "name": "USN-4596-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4596-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[ofbiz-notifications] 20210301 [jira] [Updated] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2%40%3Cnotifications.ofbiz.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-11996",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0-M1 to 10.0.0-M5"
                          },
                          {
                            "version_value": "9.0.0.M1 to 9.0.35"
                          },
                          {
                            "version_value": "8.5.0 to 8.5.55"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "CONFIRM",
              "url": "https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Closed] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch release18.12 updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9@%3Ccommits.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Closed] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch release17.12 updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b@%3Ccommits.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-commits] 20200628 [ofbiz-framework] branch trunk updated: Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561@%3Ccommits.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200701 [jira] [Reopened] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ad911fe49450ed9405827af0e7a74104041081ff91864b1f2546bbd@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200703 [jira] [Comment Edited] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ref0339792ac6dac1dba83c071a727ad72380899bde60f6aaad4031b9@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200703 [jira] [Closed] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6c29801370a36c1a5159679269777ad0c73276d3015b8bbefea66e5c@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200703 [jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3ea96d8f36dd404acce83df8aeb22a9e807d6c13ca9c5dec72f872cd@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
            },
            {
              "name": "DSA-4727",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4727"
            },
            {
              "name": "openSUSE-SU-2020:1051",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2020:1063",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00072.html"
            },
            {
              "name": "[tomcat-users] 20201008 Is Tomcat7 supports HTTP2",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2529016c311ce9485e6f173446d469600fdfbb94dccadfcd9dfdac79@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200709-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200709-0002/"
            },
            {
              "name": "USN-4596-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4596-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[ofbiz-notifications] 20210301 [jira] [Updated] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5a4f80a6acc6607d61dae424b643b594c6188dd4e1eff04705c10db2@%3Cnotifications.ofbiz.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-11996",
    "datePublished": "2020-06-26T16:27:20.000Z",
    "dateReserved": "2020-04-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:48:57.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13935 (GCVE-0-2020-13935)

Vulnerability from cvelistv5 – Published: 2020-07-14 15:00 – Updated: 2024-08-04 12:32

Summary

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Severity

No CVSS data available.

CWE

Denial of Service

Assigner

apache

References

17 references

URL	Tags
https://lists.apache.org/thread.html/rd48c72bd325…	x_refsource_MISC
https://www.debian.org/security/2020/dsa-4727	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://usn.ubuntu.com/4448-1/	vendor-advisoryx_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020072…	x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
https://usn.ubuntu.com/4596-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.apache.org/thread.html/r4e5d3c09f4d…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Apache Tomcat	Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, 7.0.27 to 7.0.104

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "DSA-4727",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4727"
          },
          {
            "name": "[debian-lts-announce] 20200722 [SECURITY] [DLA 2286-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2020:1102",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"
          },
          {
            "name": "openSUSE-SU-2020:1111",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html"
          },
          {
            "name": "USN-4448-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4448-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200724-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "USN-4596-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4596-1/"
          },
          {
            "name": "[tomcat-users] 20201118 Re: Strange crash-on-takeoff, Tomcat 7.0.104",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, 7.0.27 to 7.0.104"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:21:20.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "DSA-4727",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4727"
        },
        {
          "name": "[debian-lts-announce] 20200722 [SECURITY] [DLA 2286-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2020:1102",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"
        },
        {
          "name": "openSUSE-SU-2020:1111",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html"
        },
        {
          "name": "USN-4448-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4448-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200724-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "USN-4596-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4596-1/"
        },
        {
          "name": "[tomcat-users] 20201118 Re: Strange crash-on-takeoff, Tomcat 7.0.104",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-13935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, 7.0.27 to 7.0.104"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "DSA-4727",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4727"
            },
            {
              "name": "[debian-lts-announce] 20200722 [SECURITY] [DLA 2286-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2020:1102",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html"
            },
            {
              "name": "openSUSE-SU-2020:1111",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html"
            },
            {
              "name": "USN-4448-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4448-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200724-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200724-0003/"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "USN-4596-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4596-1/"
            },
            {
              "name": "[tomcat-users] 20201118 Re: Strange crash-on-takeoff, Tomcat 7.0.104",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-13935",
    "datePublished": "2020-07-14T15:00:21.000Z",
    "dateReserved": "2020-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:32:14.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13943 (GCVE-0-2020-13943)

Vulnerability from cvelistv5 – Published: 2020-10-12 13:46 – Updated: 2024-08-04 12:32

Summary

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Severity

No CVSS data available.

CWE

Information Disclosure

Assigner

apache

References

7 references

URL	Tags
https://lists.apache.org/thread.html/r4a390027eb2…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://www.debian.org/security/2021/dsa-4835	vendor-advisoryx_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020101…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	Apache Tomcat	Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37, 8.5.0 to 8.5.57

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20201014 [SECURITY] [DLA 2407-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2020:1799",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2020:1842",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html"
          },
          {
            "name": "DSA-4835",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4835"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201016-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37, 8.5.0 to 8.5.57"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:16.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20201014 [SECURITY] [DLA 2407-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2020:1799",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2020:1842",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html"
        },
        {
          "name": "DSA-4835",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4835"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201016-0007/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-13943",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37, 8.5.0 to 8.5.57"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20201014 [SECURITY] [DLA 2407-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2020:1799",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2020:1842",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00021.html"
            },
            {
              "name": "DSA-4835",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4835"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201016-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201016-0007/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-13943",
    "datePublished": "2020-10-12T13:46:47.000Z",
    "dateReserved": "2020-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:32:14.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1935 (GCVE-0-2020-1935)

Vulnerability from cvelistv5 – Published: 2020-02-24 21:11 – Updated: 2024-08-04 06:53

Summary

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Severity

No CVSS data available.

CWE

HTTP Request Smuggling

Assigner

apache

References

19 references

URL	Tags
https://lists.apache.org/thread.html/r127f76181ac…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.apache.org/thread.html/rc31cbabb46c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7bc994c965a…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2020/dsa-4673	vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2020/dsa-4680	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020032…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/r441c1f30a25…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r660cd379afe…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd547be0c9d8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra5dee390ad2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r80e9c8417c7…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4448-1/	vendor-advisoryx_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/r9ce7918faf3…	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
Apache	Apache Tomcat	Affected: Apache Tomcat 9.0.0.M1 to 9.0.30 Affected: 8.5.0 to 8.5.50 Affected: 7.0.0 to 7.0.99

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:53:59.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1935 HTTP Request Smuggling",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
          },
          {
            "name": "openSUSE-SU-2020:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "DSA-4673",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4673"
          },
          {
            "name": "DSA-4680",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4680"
          },
          {
            "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
          },
          {
            "name": "[tomcat-users] 20200724 CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200724 Re: CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200724 RE: CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200726 Re: CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200727 RE: CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "USN-4448-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4448-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[tomcat-dev] 20210428 [Bug 65272] Problems proccessing HTTP request without CR in last versions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 9.0.0.M1 to 9.0.30"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.50"
            },
            {
              "status": "affected",
              "version": "7.0.0 to 7.0.99"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP Request Smuggling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T16:06:15.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1935 HTTP Request Smuggling",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
        },
        {
          "name": "openSUSE-SU-2020:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "DSA-4673",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4673"
        },
        {
          "name": "DSA-4680",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4680"
        },
        {
          "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
        },
        {
          "name": "[tomcat-users] 20200724 CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200724 Re: CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200724 RE: CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200726 Re: CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200727 RE: CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "USN-4448-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4448-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[tomcat-dev] 20210428 [Bug 65272] Problems proccessing HTTP request without CR in last versions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.30"
                          },
                          {
                            "version_value": "8.5.0 to 8.5.50"
                          },
                          {
                            "version_value": "7.0.0 to 7.0.99"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP Request Smuggling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1935 HTTP Request Smuggling",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2020:0345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "DSA-4673",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4673"
            },
            {
              "name": "DSA-4680",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4680"
            },
            {
              "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200327-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
            },
            {
              "name": "[tomcat-users] 20200724 CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200724 Re: CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200724 RE: CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200726 Re: CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200727 RE: CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "USN-4448-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4448-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[tomcat-dev] 20210428 [Bug 65272] Problems proccessing HTTP request without CR in last versions",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-1935",
    "datePublished": "2020-02-24T21:11:38.000Z",
    "dateReserved": "2019-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T06:53:59.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1938 (GCVE-0-2020-1938)

Vulnerability from cvelistv5 – Published: 2020-02-24 21:19 – Updated: 2025-10-21 23:35

Summary

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

AJP Request Injection leading to possible Remote Code Execution

Assigner

apache

References

51 references

URL	Tags
https://lists.apache.org/thread.html/r7c6f492fbd3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r856cdd87eda…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r75113652e46…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd0774c95699…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r74328b178f9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rce2af55f6e1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rad36ec6a1ff…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb2fc890bef2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r38a5b7943b9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r17aaa3a05b5…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd50baccd1bb…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4afa11e0464…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r772335e6851…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re5eecbe5bf9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5e2f1201b92…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r549b43509e3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r61f280a7690…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4f86cb26019…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9f119d9ce92…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r089dc67c035…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbdb1d2b651a…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.apache.org/thread.html/rc068e824654…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf26663f42e7…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202003-43	vendor-advisoryx_refsource_GENTOO
https://lists.apache.org/thread.html/rcd5cd301e9e…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf992c5adf37…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6a5633cad1b…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.apache.org/thread.html/r43faacf6457…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://www.debian.org/security/2020/dsa-4673	vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2020/dsa-4680	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb1c0fb105ce…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra7092f74925…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8f748458945…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020022…	x_refsource_CONFIRM
http://support.blackberry.com/kb/articleDetail?ar…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/r92d78655c06…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
https://lists.apache.org/thread.html/r57f5e4ced43…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r47caef01f66…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/r90890afea72…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r1125f3044a0…	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
Apache	Apache Tomcat	Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.30 Affected: 8.5.0 to 8.5.50 Affected: 7.0.0 to 7.0.99

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200304 Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
          },
          {
            "name": "[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200309 [Bug 64206] Answer file not being used",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2020:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
          },
          {
            "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E"
          },
          {
            "name": "GLSA-202003-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-43"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "FEDORA-2020-0e42878ba7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"
          },
          {
            "name": "FEDORA-2020-c870aa8378",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"
          },
          {
            "name": "FEDORA-2020-04ac174fa9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"
          },
          {
            "name": "[tomcat-users] 20200413 RE: Alternatives for AJP",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2020:0597",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"
          },
          {
            "name": "DSA-4673",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4673"
          },
          {
            "name": "DSA-4680",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4680"
          },
          {
            "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
          },
          {
            "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200226-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739"
          },
          {
            "name": "[tomee-users] 20200723 Re: TomEE on Docker",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-1938",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T21:05:38.047118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:50.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00.000Z",
            "value": "CVE-2020-1938 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 9.0.0.M1 to 9.0.0.30"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.50"
            },
            {
              "status": "affected",
              "version": "7.0.0 to 7.0.99"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "AJP Request Injection leading to possible Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:06:28.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200304 Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
        },
        {
          "name": "[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200309 [Bug 64206] Answer file not being used",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2020:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
        },
        {
          "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E"
        },
        {
          "name": "GLSA-202003-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-43"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "FEDORA-2020-0e42878ba7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"
        },
        {
          "name": "FEDORA-2020-c870aa8378",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"
        },
        {
          "name": "FEDORA-2020-04ac174fa9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"
        },
        {
          "name": "[tomcat-users] 20200413 RE: Alternatives for AJP",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2020:0597",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"
        },
        {
          "name": "DSA-4673",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4673"
        },
        {
          "name": "DSA-4680",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4680"
        },
        {
          "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
        },
        {
          "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200226-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739"
        },
        {
          "name": "[tomee-users] 20200723 Re: TomEE on Docker",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.0.30"
                          },
                          {
                            "version_value": "8.5.0 to 8.5.50"
                          },
                          {
                            "version_value": "7.0.0 to 7.0.99"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "AJP Request Injection leading to possible Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200304 Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
            },
            {
              "name": "[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200309 [Bug 64206] Answer file not being used",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:0345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
            },
            {
              "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E"
            },
            {
              "name": "GLSA-202003-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-43"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "FEDORA-2020-0e42878ba7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"
            },
            {
              "name": "FEDORA-2020-c870aa8378",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"
            },
            {
              "name": "FEDORA-2020-04ac174fa9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"
            },
            {
              "name": "[tomcat-users] 20200413 RE: Alternatives for AJP",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:0597",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"
            },
            {
              "name": "DSA-4673",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4673"
            },
            {
              "name": "DSA-4680",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4680"
            },
            {
              "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
            },
            {
              "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200226-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200226-0002/"
            },
            {
              "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739",
              "refsource": "CONFIRM",
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739"
            },
            {
              "name": "[tomee-users] 20200723 Re: TomEE on Docker",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-1938",
    "datePublished": "2020-02-24T21:19:18.000Z",
    "dateReserved": "2019-12-02T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:50.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36843 (GCVE-0-2020-36843)

Vulnerability from cvelistv5 – Published: 2025-03-13 00:00 – Updated: 2025-03-18 16:22

Summary

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

mitre

References

2 references

URL	Tags
https://github.com/str4d/ed25519-java/issues/82#i…
https://eprint.iacr.org/2020/1244

Impacted products

1 product

Vendor	Product	Version
str4d	ed25519-java	Affected: 0 , ≤ 0.3.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-36843",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T16:22:00.551300Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T16:22:08.617Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ed25519-java",
          "vendor": "str4d",
          "versions": [
            {
              "lessThanOrEqual": "0.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-13T05:20:08.585Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/str4d/ed25519-java/issues/82#issue-727629226"
        },
        {
          "url": "https://eprint.iacr.org/2020/1244"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36843",
    "datePublished": "2025-03-13T00:00:00.000Z",
    "dateReserved": "2025-03-13T00:00:00.000Z",
    "dateUpdated": "2025-03-18T16:22:08.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9484 (GCVE-0-2020-9484)

Vulnerability from cvelistv5 – Published: 2020-05-20 18:26 – Updated: 2024-08-04 10:26

Summary

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Severity

No CVSS data available.

CWE

Remote Code Execution

Assigner

apache

References

42 references

URL	Tags
https://lists.apache.org/thread.html/rf70f53af27e…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r26950738f4b…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.apache.org/thread.html/r7bc247fffcb…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
http://seclists.org/fulldisclosure/2020/Jun/6	mailing-listx_refsource_FULLDISC
https://security.gentoo.org/glsa/202006-21	vendor-advisoryx_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.apache.org/thread.html/rb1c0fb105ce…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
https://lists.apache.org/thread.html/r77eae567ed8…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020052…	x_refsource_CONFIRM
http://packetstormsecurity.com/files/157924/Apach…	x_refsource_MISC
https://www.debian.org/security/2020/dsa-4727	vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/4448-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.apache.org/thread.html/r123b3ebe389…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/raa4123e4721…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc8473b08abd…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf59c72572b9…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
https://usn.ubuntu.com/4596-1/	vendor-advisoryx_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/rfe62fbf9d4c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf6d5d57b114…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/01/2	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8dd19c514fa…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/r8a2ac0e476d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb51ccd58b21…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r11ce01e8a4c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc1778b38e74…	mailing-listx_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Apache Tomcat	Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
          },
          {
            "name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2020:0711",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
          },
          {
            "name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
          },
          {
            "name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Jun/6"
          },
          {
            "name": "GLSA-202006-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-21"
          },
          {
            "name": "FEDORA-2020-ce396e7d5c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
          },
          {
            "name": "FEDORA-2020-d9169235a8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
          },
          {
            "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
          },
          {
            "name": "DSA-4727",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4727"
          },
          {
            "name": "USN-4448-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4448-1/"
          },
          {
            "name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "USN-4596-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4596-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
          },
          {
            "name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:24:10.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
        },
        {
          "name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2020:0711",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
        },
        {
          "name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
        },
        {
          "name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Jun/6"
        },
        {
          "name": "GLSA-202006-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-21"
        },
        {
          "name": "FEDORA-2020-ce396e7d5c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
        },
        {
          "name": "FEDORA-2020-d9169235a8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
        },
        {
          "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
        },
        {
          "name": "DSA-4727",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4727"
        },
        {
          "name": "USN-4448-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4448-1/"
        },
        {
          "name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "USN-4596-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4596-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
        },
        {
          "name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-9484",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
            },
            {
              "name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:0711",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
            },
            {
              "name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
            },
            {
              "name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Jun/6"
            },
            {
              "name": "GLSA-202006-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-21"
            },
            {
              "name": "FEDORA-2020-ce396e7d5c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
            },
            {
              "name": "FEDORA-2020-d9169235a8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
            },
            {
              "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200528-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
            },
            {
              "name": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
            },
            {
              "name": "DSA-4727",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4727"
            },
            {
              "name": "USN-4448-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4448-1/"
            },
            {
              "name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "USN-4596-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4596-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
            },
            {
              "name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-9484",
    "datePublished": "2020-05-20T18:26:41.000Z",
    "dateReserved": "2020-03-01T00:00:00.000Z",
    "dateUpdated": "2024-08-04T10:26:16.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24122 (GCVE-0-2021-24122)

Vulnerability from cvelistv5 – Published: 2021-01-14 14:45 – Updated: 2025-02-13 16:27

Title

Apache Tomcat information disclosure

Summary

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.

Severity

No CVSS data available.

CWE

CWE-200 - Information Exposure

Assigner

apache

References

12 references

URL	Tags
https://lists.apache.org/thread.html/r1595889b083…	x_refsource_MISC
https://lists.apache.org/thread.html/r1595889b083…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rca833c6d42b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r776c6433749…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/01/14/1	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r1595889b083…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7e0bb9ea415…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb32a73b7cb9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7382e1e35b9…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021021…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: Apache Tomcat 10 , < 10.0.0-M10 (custom) Affected: Apache Tomcat 9 , < 9.0.40 (custom) Affected: Apache Tomcat 8.5 , < 8.5.60 (custom) Affected: Apache Tomcat 7 , < 7.0.106 (custom)

Credits

This issue was identified by Ilja Brander.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-announce] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210114 svn commit: r1885488 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20210114 Re: Releases?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/14/1"
          },
          {
            "name": "[announce] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20210115 CVE-2021-24122 NTFS Information Disclosure Bug",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210212-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "10.0.0-M10",
              "status": "affected",
              "version": "Apache Tomcat 10",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.40",
              "status": "affected",
              "version": "Apache Tomcat 9",
              "versionType": "custom"
            },
            {
              "lessThan": "8.5.60",
              "status": "affected",
              "version": "Apache Tomcat 8.5",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.106",
              "status": "affected",
              "version": "Apache Tomcat 7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was identified by Ilja Brander."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-03T19:22:50.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-announce] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210114 svn commit: r1885488 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20210114 Re: Releases?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/14/1"
        },
        {
          "name": "[announce] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20210115 CVE-2021-24122 NTFS Information Disclosure Bug",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210212-0008/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Tomcat information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-24122",
          "STATE": "PUBLIC",
          "TITLE": "Apache Tomcat information disclosure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 10",
                            "version_value": "10.0.0-M10"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 9",
                            "version_value": "9.0.40"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 8.5",
                            "version_value": "8.5.60"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 7",
                            "version_value": "7.0.106"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was identified by Ilja Brander."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-announce] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210114 svn commit: r1885488 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20210114 Re: Releases?",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r776c64337495bf28b7d5597268114a888e3fad6045c40a0da0c66d4d@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/14/1"
            },
            {
              "name": "[announce] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7e0bb9ea415724550e2b325e143b23e269579e54d66fcd7754bd0c20@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210114 [SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb32a73b7cb919d4f44a2596b6b951274c0004fc8b0e393d6829a45f9@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20210115 CVE-2021-24122 NTFS Information Disclosure Bug",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7382e1e35b9bc7c8f320b90ad77e74c13172d08034e20c18000fe710@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210212-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210212-0008/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-24122",
    "datePublished": "2021-01-14T14:45:18.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:47.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25122 (GCVE-0-2021-25122)

Vulnerability from cvelistv5 – Published: 2021-03-01 12:00 – Updated: 2025-02-13 16:27

Title

Apache Tomcat h2c request mix-up

Summary

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

Severity

No CVSS data available.

CWE

CWE-200 - Information Exposure

Assigner

apache

References

16 references

URL	Tags
https://lists.apache.org/thread.html/r7b95bc24860…	x_refsource_MISC
https://lists.apache.org/thread.html/r7b95bc24860…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7b95bc24860…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7b95bc24860…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf6d5d57b114…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7b95bc24860…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/01/1	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rcd90bf36b18…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd0463f9a5cb…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2021/dsa-4891	vendor-advisoryx_refsource_DEBIAN
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021040…	x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://security.gentoo.org/glsa/202208-34	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: Apache Tomcat 10 , < 10.0.2 (custom) Affected: Apache Tomcat 9 , < 9.0.42 (custom) Affected: Apache Tomcat 8.5 , < 8.5.62 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210301 CVE-2021-25122: Apache Tomcat h2c request mix-up",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
          },
          {
            "name": "[tomcat-users] 20210305 RE: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210305 Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
          },
          {
            "name": "DSA-4891",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4891"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "GLSA-202208-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "10.0.2",
              "status": "affected",
              "version": "Apache Tomcat 10",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.42",
              "status": "affected",
              "version": "Apache Tomcat 9",
              "versionType": "custom"
            },
            {
              "lessThan": "8.5.62",
              "status": "affected",
              "version": "Apache Tomcat 8.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-03T19:56:19.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210301 CVE-2021-25122: Apache Tomcat h2c request mix-up",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
        },
        {
          "name": "[tomcat-users] 20210305 RE: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210305 Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
        },
        {
          "name": "DSA-4891",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4891"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "name": "GLSA-202208-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-34"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Tomcat h2c request mix-up",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-25122",
          "STATE": "PUBLIC",
          "TITLE": "Apache Tomcat h2c request mix-up"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 10",
                            "version_value": "10.0.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 9",
                            "version_value": "9.0.42"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 8.5",
                            "version_value": "8.5.62"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210301 CVE-2021-25122: Apache Tomcat h2c request mix-up",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
            },
            {
              "name": "[tomcat-users] 20210305 RE: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210305 Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
            },
            {
              "name": "DSA-4891",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4891"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210409-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "GLSA-202208-34",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-34"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-25122",
    "datePublished": "2021-03-01T12:00:20.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:48.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25329 (GCVE-0-2021-25329)

Vulnerability from cvelistv5 – Published: 2021-03-01 12:00 – Updated: 2025-02-13 16:27

Title

Incomplete fix for CVE-2020-9484

Summary

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Severity

No CVSS data available.

CWE

Remote code execution via session persistence

Assigner

apache

References

18 references

URL	Tags
https://lists.apache.org/thread.html/rfe62fbf9d4c…	x_refsource_MISC
https://lists.apache.org/thread.html/rfe62fbf9d4c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf6d5d57b114…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/01/2	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2021/dsa-4891	vendor-advisoryx_refsource_DEBIAN
https://lists.apache.org/thread.html/r8a2ac0e476d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb51ccd58b21…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r732b2ca289d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r11ce01e8a4c…	mailing-listx_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021040…	x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://security.gentoo.org/glsa/202208-34	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: Apache Tomcat 10 , < 10.0.0 (custom) Affected: Apache Tomcat 9 , < 9.0.41 (custom) Affected: Apache Tomcat 8.5 , < 8.5.61 (custom) Affected: Apache Tomcat 7 , < 7.0.107 (custom)

Credits

This issue was identified by Trung Pham of Viettel Cyber Security.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
          },
          {
            "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
          },
          {
            "name": "DSA-4891",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4891"
          },
          {
            "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210702 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "GLSA-202208-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "10.0.0",
              "status": "affected",
              "version": "Apache Tomcat 10",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.41",
              "status": "affected",
              "version": "Apache Tomcat 9",
              "versionType": "custom"
            },
            {
              "lessThan": "8.5.61",
              "status": "affected",
              "version": "Apache Tomcat 8.5",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.107",
              "status": "affected",
              "version": "Apache Tomcat 7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was identified by Trung Pham of Viettel Cyber Security."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution via session persistence",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-03T20:04:38.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
        },
        {
          "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
        },
        {
          "name": "DSA-4891",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4891"
        },
        {
          "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210702 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "name": "GLSA-202208-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-34"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incomplete fix for CVE-2020-9484",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-25329",
          "STATE": "PUBLIC",
          "TITLE": "Incomplete fix for CVE-2020-9484"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 10",
                            "version_value": "10.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 9",
                            "version_value": "9.0.41"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 8.5",
                            "version_value": "8.5.61"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Tomcat 7",
                            "version_value": "7.0.107"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was identified by Trung Pham of Viettel Cyber Security."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution via session persistence"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
            },
            {
              "name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
            },
            {
              "name": "DSA-4891",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4891"
            },
            {
              "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210702 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210409-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "GLSA-202208-34",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-34"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-25329",
    "datePublished": "2021-03-01T12:00:20.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:48.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

Product	Identifier	Version
vers:unknown/22.1 Oracle / Oracle / Database Server		vers:unknown/22.1
vers:unknown/13.5.0.0 Oracle / Oracle / Enterprise Manager for Oracle Database		vers:unknown/13.5.0.0
vers:oracle/>=19.3\|<=19.22 Oracle / Oracle Database Server		vers:oracle/>=19.3\|<=19.22
vers:oracle/>=19.3\|<=19.26 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:::::::*`	vers:oracle/>=19.3\|<=19.26
vers:oracle/>=21.3\|<=21.13 Oracle / Oracle Database Server		vers:oracle/>=21.3\|<=21.13
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=21.4\|<=21.16 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:::::::*`	vers:oracle/>=21.4\|<=21.16
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle Database Server / Oracle Database Server	`cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/13.5.0.0 Oracle / Oracle Enterprise Manager for Oracle Database		vers:oracle/13.5.0.0
vers:oracle/1.5.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.5.0:::::::*`	vers:oracle/1.5.0
vers:oracle/1.6.0 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.0:::::::*`	vers:oracle/1.6.0
vers:oracle/1.6.1 Oracle / Oracle NoSQL Database / Oracle NoSQL Database	`cpe:2.3:a:oracle:nosql_database:1.6.1:::::::*`	vers:oracle/1.6.1
vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0 Oracle / Oracle TimesTen In-Memory Database / Oracle TimesTen In-Memory Database	`cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:::::::*`	vers:oracle/>=22.1.1.1.0\|<=22.1.1.30.0
vers:semver/19.3\|<=19.26 Oracle Corporation / Oracle Database Server		vers:semver/19.3\|<=19.26
vers:semver/21.3\|<=21.17 Oracle Corporation / Oracle Database Server		vers:semver/21.3\|<=21.17
vers:semver/23.4\|<=23.7 Oracle Corporation / Oracle Database Server		vers:semver/23.4\|<=23.7
vers:oracle/25.1.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:::::::*`	vers:oracle/25.1.0
vers:oracle/25.2.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:::::::*`	vers:oracle/25.2.0
vers:oracle/>=23.8.0\|<=23.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:::::::*`	vers:oracle/>=23.8.0\|<=23.11.0
vers:oracle/>=24.1.0\|<=24.11.0 Oracle / Oracle Autonomous Health Framework / Autonomous Health Framework	`cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:::::::*`	vers:oracle/>=24.1.0\|<=24.11.0
vers:oracle/21.7.1.0.0 Oracle / Oracle Essbase / Oracle Essbase	`cpe:2.3:a:oracle:essbase:21.7.1.0.0:::::::*`	vers:oracle/21.7.1.0.0
vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle / GoldenGate		vers:unknown/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:unknown/>=21.3\|<=21.17 Oracle / Oracle / GoldenGate		vers:unknown/>=21.3\|<=21.17
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10 Oracle / Oracle GoldenGate / GoldenGate Stream Analytics	`cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.10
vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.26.0.0.250219
vers:oracle/>=21.3\|<=21.17 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:21.3-21.17:::::::*`	vers:oracle/>=21.3\|<=21.17
vers:oracle/>=23.4\|<=23.7 Oracle / Oracle GoldenGate / Oracle GoldenGate	`cpe:2.3:a:oracle:goldengate:23.4-23.7:::::::*`	vers:oracle/>=23.4\|<=23.7
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:::::::*`	vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.18
vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:::::::*`	vers:oracle/>=21.3.0.0.0\|<=21.16.0.0.0
vers:oracle/>=23.4\|<=23.6 Oracle / Oracle GoldenGate / Oracle GoldenGate Big Data and Application Adapters	`cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:::::::*`	vers:oracle/>=23.4\|<=23.6
vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7 Oracle / Oracle GoldenGate Stream Analytics		vers:oracle/>=19.1.0.0.0\|<=19.1.0.0.7
vers:oracle/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:oracle/23.1
vers:oracle/<23.1 Oracle / Big Data Spatial and Graph		vers:oracle/<23.1
vers:unknown/2.0 Oracle / Big Data Spatial and Graph	`cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:::::::*`	vers:unknown/2.0
vers:unknown/2.0 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/2.0
vers:unknown/20.2 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/20.2
vers:unknown/23.1 Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/23.1 Oracle / Big Data Spatial and Graph		vers:unknown/23.1
vers:unknown/none Oracle / Oracle / Big Data Spatial and Graph		vers:unknown/none
vers:oracle/23.4.3 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.3:::::::*`	vers:oracle/23.4.3
vers:oracle/24.3.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.3.0:::::::*`	vers:oracle/24.3.0
vers:oracle/23.4.4 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.4:::::::*`	vers:oracle/23.4.4
vers:oracle/24.4.0 Oracle / Oracle Graph Server and Client / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.4.0:::::::*`	vers:oracle/24.4.0
vers:oracle/<=22.4.7 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:::::::*`	vers:oracle/<=22.4.7
vers:oracle/<=23.4.2 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:::::::*`	vers:oracle/<=23.4.2
vers:oracle/<=24.1.0 Oracle / Graph Server and Client	`cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:::::::*`	vers:oracle/<=24.1.0
vers:oracle/3.0.6 Oracle / Oracle Big Data Spatial and Graph	`cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:::::::*`	vers:oracle/3.0.6
vers:oracle/12.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.1:::::::*`	vers:oracle/12.1.0.1
vers:oracle/12.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.2:::::::*`	vers:oracle/12.1.0.2
vers:oracle/12.1.0.3 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:12.1.0.3:::::::*`	vers:oracle/12.1.0.3
vers:oracle/18.1.0.0 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.0:::::::*`	vers:oracle/18.1.0.0
vers:oracle/18.1.0.1 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.1:::::::*`	vers:oracle/18.1.0.1
vers:oracle/18.1.0.2 Oracle / Oracle Secure Backup / Oracle Secure Backup	`cpe:2.3:a:oracle:secure_backup:18.1.0.2:::::::*`	vers:oracle/18.1.0.2
vers:semver/12.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.1
vers:semver/12.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.2
vers:semver/12.1.0.3 Oracle Corporation / Oracle Secure Backup		vers:semver/12.1.0.3
vers:semver/18.1.0.0 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.0
vers:semver/18.1.0.1 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.1
vers:semver/18.1.0.2 Oracle Corporation / Oracle Secure Backup		vers:semver/18.1.0.2

Action not permitted

NCSC-2025-0123

CVE-2020-11996 (GCVE-0-2020-11996)

CVE-2020-13935 (GCVE-0-2020-13935)

CVE-2020-13943 (GCVE-0-2020-13943)

CVE-2020-1935 (GCVE-0-2020-1935)

CVE-2020-1938 (GCVE-0-2020-1938)

CVE-2020-36843 (GCVE-0-2020-36843)

CVE-2020-9484 (GCVE-0-2020-9484)

CVE-2021-24122 (GCVE-0-2021-24122)

CVE-2021-25122 (GCVE-0-2021-25122)

CVE-2021-25329 (GCVE-0-2021-25329)

Tags

Sightings

Nomenclature