Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-21573 (GCVE-0-2025-21573)
Vulnerability from cvelistv5
Published
2025-04-15 20:30
Modified
2025-04-17 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing.
Summary
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).
References
| ► | URL | Tags | |||||
|---|---|---|---|---|---|---|---|
|
|||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Financial Services Revenue Management and Billing |
Version: 5.1.0.0.0 ≤ Version: 6.1.0.0.0 ≤ Version: 7.0.0.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T03:55:38.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Financial Services Revenue Management and Billing",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.1.0.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.1.0.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.0.0.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:30:26.771Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-21573",
"datePublished": "2025-04-15T20:30:26.771Z",
"dateReserved": "2024-12-24T23:18:54.784Z",
"dateUpdated": "2025-04-17T03:55:38.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-21573\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2025-04-15T21:15:47.670\",\"lastModified\":\"2025-04-17T21:36:01.050\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle Financial Services Revenue Management and Billing de Oracle Financial Services Applications (componente: Chatbot). Las versiones compatibles afectadas son 5.1.0.0.0, 6.1.0.0.0 y 7.0.0.0.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Financial Services Revenue Management and Billing. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizadas de datos cr\u00edticos o de todos los datos accesibles de Oracle Financial Services Revenue Management and Billing, as\u00ed como en el acceso no autorizado a datos cr\u00edticos o a todos los datos accesibles de Oracle Financial Services Revenue Management and Billing, y en la posibilidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Financial Services Revenue Management and Billing. Puntuaci\u00f3n base CVSS 3.1: 6.0 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8D620E6-E3B8-4691-AE02-D3E0F06DBF00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F641504-655B-45E6-AB7D-04BE3FD9CD1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2E05B52-B655-43D9-8C99-DB0EED4CE9CC\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2025.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21573\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T14:45:32.635579Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T14:49:24.376Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle Financial Services Revenue Management and Billing\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.1.0.0.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.1.0.0.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0.0.0.0\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2025.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing.\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2025-04-15T20:30:26.771Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-21573\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-17T03:55:38.619Z\", \"dateReserved\": \"2024-12-24T23:18:54.784Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2025-04-15T20:30:26.771Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2025-21573
Vulnerability from fkie_nvd
Published
2025-04-15 21:15
Modified
2025-04-17 21:36
Severity ?
Summary
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuapr2025.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | financial_services_revenue_management_and_billing | 5.1.0.0.0 | |
| oracle | financial_services_revenue_management_and_billing | 6.1.0.0.0 | |
| oracle | financial_services_revenue_management_and_billing | 7.0.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D620E6-E3B8-4691-AE02-D3E0F06DBF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F641504-655B-45E6-AB7D-04BE3FD9CD1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E05B52-B655-43D9-8C99-DB0EED4CE9CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Financial Services Revenue Management and Billing de Oracle Financial Services Applications (componente: Chatbot). Las versiones compatibles afectadas son 5.1.0.0.0, 6.1.0.0.0 y 7.0.0.0.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Financial Services Revenue Management and Billing. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizadas de datos cr\u00edticos o de todos los datos accesibles de Oracle Financial Services Revenue Management and Billing, as\u00ed como en el acceso no autorizado a datos cr\u00edticos o a todos los datos accesibles de Oracle Financial Services Revenue Management and Billing, y en la posibilidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Financial Services Revenue Management and Billing. Puntuaci\u00f3n base CVSS 3.1: 6.0 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L)."
}
],
"id": "CVE-2025-21573",
"lastModified": "2025-04-17T21:36:01.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2025-04-15T21:15:47.670",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
wid-sec-w-2025-0819
Vulnerability from csaf_certbund
Published
2025-04-15 22:00
Modified
2025-04-15 22:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Financial Services ist eine Zusammenstellung von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0819 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0819.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0819 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0819"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Financial Services Applications vom 2025-04-15",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixIFLX"
}
],
"source_lang": "en-US",
"title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:23.001+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0819",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.0.8",
"product": {
"name": "Oracle Financial Services Applications 8.0.8",
"product_id": "T021677",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8"
}
}
},
{
"category": "product_version",
"name": "8.0.8.1",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.1",
"product_id": "T022844",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
}
}
},
{
"category": "product_version",
"name": "21.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 21.1.0.0.0",
"product_id": "T028695",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:21.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "22.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 22.1.0.0.0",
"product_id": "T028696",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "22.2.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 22.2.0.0.0",
"product_id": "T028697",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:22.2.0.0.0"
}
}
},
{
"category": "product_version",
"name": "14.5.0.0.0-14.7.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0",
"product_id": "T028702",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2.5",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.5",
"product_id": "T028706",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.5"
}
}
},
{
"category": "product_version",
"name": "6.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 6.1.0.0.0",
"product_id": "T036223",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:6.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2.8",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.8",
"product_id": "T038392",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.8"
}
}
},
{
"category": "product_version",
"name": "7.0.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 7.0.0.0.0",
"product_id": "T040463",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:7.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.0.7.8",
"product": {
"name": "Oracle Financial Services Applications 8.0.7.8",
"product_id": "T040464",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.8"
}
}
},
{
"category": "product_version",
"name": "8.0.8.6",
"product": {
"name": "Oracle Financial Services Applications 8.0.8.6",
"product_id": "T040465",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.6"
}
}
},
{
"category": "product_version",
"name": "2.9.0.0.0-7.0.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0",
"product_id": "T040516",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2.7.0",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.7.0",
"product_id": "T042808",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.7.0"
}
}
},
{
"category": "product_version",
"name": "8.1.1.4",
"product": {
"name": "Oracle Financial Services Applications 8.1.1.4",
"product_id": "T042809",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.4"
}
}
},
{
"category": "product_version",
"name": "5.1.0.0.0",
"product": {
"name": "Oracle Financial Services Applications 5.1.0.0.0",
"product_id": "T042810",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:5.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "8.1.2.9",
"product": {
"name": "Oracle Financial Services Applications 8.1.2.9",
"product_id": "T042811",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.9"
}
}
},
{
"category": "product_version",
"name": "14.7.0.7.0",
"product": {
"name": "Oracle Financial Services Applications 14.7.0.7.0",
"product_id": "T042812",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.7.0"
}
}
}
],
"category": "product_name",
"name": "Financial Services Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-28170",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2021-28170"
},
{
"cve": "CVE-2023-39410",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2023-39410"
},
{
"cve": "CVE-2023-49582",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2023-49582"
},
{
"cve": "CVE-2024-28168",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2024-28219",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2024-35195",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-37891",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38819",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38827",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-38827"
},
{
"cve": "CVE-2024-47072",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-5206",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-5206"
},
{
"cve": "CVE-2024-56128",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-56128"
},
{
"cve": "CVE-2024-56337",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2024-57699",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-21573",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-21573"
},
{
"cve": "CVE-2025-23184",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-24970",
"product_status": {
"known_affected": [
"T040516",
"T036223",
"T042808",
"T042809",
"T021677",
"T022844",
"T028706",
"T042810",
"T042811",
"T038392",
"T042812",
"T028702",
"T028697",
"T040465",
"T040464",
"T028695",
"T040463",
"T028696"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-24970"
}
]
}
ghsa-9fpp-56h8-w47g
Vulnerability from github
Published
2025-04-15 21:31
Modified
2025-04-15 21:31
Severity ?
VLAI Severity ?
Details
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).
{
"affected": [],
"aliases": [
"CVE-2025-21573"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T21:15:47Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).",
"id": "GHSA-9fpp-56h8-w47g",
"modified": "2025-04-15T21:31:44Z",
"published": "2025-04-15T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21573"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
ncsc-2025-0127
Vulnerability from csaf_ncscnl
Published
2025-04-16 15:00
Modified
2025-04-16 15:00
Summary
Kwetsbaarheden verholpen in Oracle Financial Services
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in verschillende Financial Services producten
Interpretaties
De kwetsbaarheden stellen niet-geauthenticeerde kwaadwillenden in staat om via HTTP toegang te krijgen tot kritieke gegevens, wat kan leiden tot ongeautoriseerde gegevenstoegang en andere beveiligingsrisico's. Kwaadwillenden kunnen ook gebruik maken van misconfiguraties en kwetsbaarheden in de software om privilege-escalatie, denial-of-service en remote code execution uit te voeren.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-670
Always-Incorrect Control Flow Implementation
CWE-676
Use of Potentially Dangerous Function
CWE-921
Storage of Sensitive Data in a Mechanism without Access Control
CWE-922
Insecure Storage of Sensitive Information
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-178
Improper Handling of Case Sensitivity
CWE-303
Incorrect Implementation of Authentication Algorithm
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-680
Integer Overflow to Buffer Overflow
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-400
Uncontrolled Resource Consumption
CWE-502
Deserialization of Untrusted Data
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende Financial Services producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen niet-geauthenticeerde kwaadwillenden in staat om via HTTP toegang te krijgen tot kritieke gegevens, wat kan leiden tot ongeautoriseerde gegevenstoegang en andere beveiligingsrisico\u0027s. Kwaadwillenden kunnen ook gebruik maken van misconfiguraties en kwetsbaarheden in de software om privilege-escalatie, denial-of-service en remote code execution uit te voeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
},
{
"category": "general",
"text": "Use of Potentially Dangerous Function",
"title": "CWE-676"
},
{
"category": "general",
"text": "Storage of Sensitive Data in a Mechanism without Access Control",
"title": "CWE-921"
},
{
"category": "general",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
},
{
"category": "general",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Financial Services",
"tracking": {
"current_release_date": "2025-04-16T15:00:12.952979Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0127",
"initial_release_date": "2025-04-16T15:00:12.952979Z",
"revision_history": [
{
"date": "2025-04-16T15:00:12.952979Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.7.0",
"product": {
"name": "vers:unknown/8.1.2.7.0",
"product_id": "CSAFPID-2698335"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.3.0",
"product": {
"name": "vers:unknown/8.1.3.0",
"product_id": "CSAFPID-1838588"
}
}
],
"category": "product_name",
"name": "Financial Services Model Management and Governance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.0.7.8",
"product": {
"name": "vers:unknown/8.0.7.8",
"product_id": "CSAFPID-1838570"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.0.8.6",
"product": {
"name": "vers:unknown/8.0.8.6",
"product_id": "CSAFPID-1838583"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.1.4",
"product": {
"name": "vers:unknown/8.1.1.4",
"product_id": "CSAFPID-2698354"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.5",
"product": {
"name": "vers:unknown/8.1.2.5",
"product_id": "CSAFPID-1838577"
}
}
],
"category": "product_name",
"name": "Financial Services Analytical Applications Infrastructure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.0.8.1",
"product": {
"name": "vers:unknown/8.0.8.1",
"product_id": "CSAFPID-1199519"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.7",
"product": {
"name": "vers:unknown/8.1.2.7",
"product_id": "CSAFPID-1838573"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.8",
"product": {
"name": "vers:unknown/8.1.2.8",
"product_id": "CSAFPID-1838574"
}
}
],
"category": "product_name",
"name": "Financial Services Behavior Detection Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/14.7.0.7.0",
"product": {
"name": "vers:unknown/14.7.0.7.0",
"product_id": "CSAFPID-2698380"
}
}
],
"category": "product_name",
"name": "Banking Liquidity Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.1.2.6",
"product": {
"name": "vers:unknown/8.1.2.6",
"product_id": "CSAFPID-1838589"
}
}
],
"category": "product_name",
"name": "Financial Services Compliance Studio"
}
],
"category": "product_family",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.6",
"product": {
"name": "vers:oracle/8.1.2.6",
"product_id": "CSAFPID-1839860",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.7",
"product": {
"name": "vers:oracle/8.1.2.7",
"product_id": "CSAFPID-1839857",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.7.0",
"product": {
"name": "vers:oracle/8.1.2.7.0",
"product_id": "CSAFPID-2699019",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.3.0",
"product": {
"name": "vers:oracle/8.1.3.0",
"product_id": "CSAFPID-1839858",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Model Management and Governance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/21.1.0.0.0",
"product": {
"name": "vers:oracle/21.1.0.0.0",
"product_id": "CSAFPID-2698953",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_apis:21.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/22.1.0.0.0",
"product": {
"name": "vers:oracle/22.1.0.0.0",
"product_id": "CSAFPID-2698951",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_apis:22.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/22.2.0.0.0",
"product": {
"name": "vers:oracle/22.2.0.0.0",
"product_id": "CSAFPID-2698952",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_apis:22.2.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking APIs"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/21.1.0.0.0",
"product": {
"name": "vers:oracle/21.1.0.0.0",
"product_id": "CSAFPID-2698992",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_digital_experience:21.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/22.1.0.0.0",
"product": {
"name": "vers:oracle/22.1.0.0.0",
"product_id": "CSAFPID-2698990",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_digital_experience:22.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/22.2.0.0.0",
"product": {
"name": "vers:oracle/22.2.0.0.0",
"product_id": "CSAFPID-2698994",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_digital_experience:22.2.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking Digital Experience"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.0.7.8",
"product": {
"name": "vers:oracle/8.0.7.8",
"product_id": "CSAFPID-1839976",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.0.8.6",
"product": {
"name": "vers:oracle/8.0.8.6",
"product_id": "CSAFPID-1839966",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.1.4",
"product": {
"name": "vers:oracle/8.1.1.4",
"product_id": "CSAFPID-2699017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.5",
"product": {
"name": "vers:oracle/8.1.2.5",
"product_id": "CSAFPID-1839974",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Analytical Applications Infrastructure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/5.1.0.0.0",
"product": {
"name": "vers:oracle/5.1.0.0.0",
"product_id": "CSAFPID-2699099",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/6.1.0.0.0",
"product": {
"name": "vers:oracle/6.1.0.0.0",
"product_id": "CSAFPID-2699100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/7.0.0.0.0",
"product": {
"name": "vers:oracle/7.0.0.0.0",
"product_id": "CSAFPID-2699101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=2.9.0.0.0|\u003c=7.0.0.0.0",
"product": {
"name": "vers:oracle/\u003e=2.9.0.0.0|\u003c=7.0.0.0.0",
"product_id": "CSAFPID-1839884",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Revenue Management and Billing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=14.4.0.0.0|\u003c=14.7.0.0.0",
"product": {
"name": "vers:oracle/\u003e=14.4.0.0.0|\u003c=14.7.0.0.0",
"product_id": "CSAFPID-1839866",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=14.5.0.0.0|\u003c=14.7.0.0.0",
"product": {
"name": "vers:oracle/\u003e=14.5.0.0.0|\u003c=14.7.0.0.0",
"product_id": "CSAFPID-2698995",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking Corporate Lending Process Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/\u003e=14.5.0.0.0|\u003c=14.7.0.0.0",
"product": {
"name": "vers:oracle/\u003e=14.5.0.0.0|\u003c=14.7.0.0.0",
"product_id": "CSAFPID-1839867",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking Origination"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.0.8.1",
"product": {
"name": "vers:oracle/8.0.8.1",
"product_id": "CSAFPID-1839881",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.7",
"product": {
"name": "vers:oracle/8.1.2.7",
"product_id": "CSAFPID-1839880",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.8",
"product": {
"name": "vers:oracle/8.1.2.8",
"product_id": "CSAFPID-1839882",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.9",
"product": {
"name": "vers:oracle/8.1.2.9",
"product_id": "CSAFPID-2698954",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.9:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Behavior Detection Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.0.8",
"product": {
"name": "vers:oracle/8.0.8",
"product_id": "CSAFPID-1839878",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/14.7.0.7.0",
"product": {
"name": "vers:oracle/14.7.0.7.0",
"product_id": "CSAFPID-2698938",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.7.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.7.5.0.0",
"product": {
"name": "vers:oracle/14.7.5.0.0",
"product_id": "CSAFPID-1839923",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Banking Liquidity Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.6",
"product": {
"name": "vers:oracle/8.1.2.6",
"product_id": "CSAFPID-1839871",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/8.1.2.9",
"product": {
"name": "vers:oracle/8.1.2.9",
"product_id": "CSAFPID-2699005",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Compliance Studio"
}
],
"category": "product_family",
"name": "Oracle Financial Services Applications"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/5.1.0.0.0",
"product": {
"name": "vers:semver/5.1.0.0.0",
"product_id": "CSAFPID-2698450"
}
},
{
"category": "product_version_range",
"name": "vers:semver/6.1.0.0.0",
"product": {
"name": "vers:semver/6.1.0.0.0",
"product_id": "CSAFPID-2698451"
}
},
{
"category": "product_version_range",
"name": "vers:semver/7.0.0.0.0",
"product": {
"name": "vers:semver/7.0.0.0.0",
"product_id": "CSAFPID-2698452"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Revenue Management and Billing"
}
],
"category": "vendor",
"name": "Oracle Corporation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-28170",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-28170",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-28170.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2021-28170"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-39410",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2023-39410"
},
{
"cve": "CVE-2023-49582",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-49582",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49582.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2023-49582"
},
{
"cve": "CVE-2024-5206",
"cwe": {
"id": "CWE-921",
"name": "Storage of Sensitive Data in a Mechanism without Access Control"
},
"notes": [
{
"category": "other",
"text": "Storage of Sensitive Data in a Mechanism without Access Control",
"title": "CWE-921"
},
{
"category": "other",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5206",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5206.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-5206"
},
{
"cve": "CVE-2024-28168",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28168",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2024-28219",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "other",
"text": "Use of Potentially Dangerous Function",
"title": "CWE-676"
},
{
"category": "other",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28219",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2024-35195",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"notes": [
{
"category": "other",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35195",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-37891",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "other",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38827",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38827",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-38827"
},
{
"cve": "CVE-2024-47072",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56128",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"notes": [
{
"category": "other",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56128",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56128.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-56128"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-21573",
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21573",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21573.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2025-21573"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23184.json"
}
],
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24970",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2698335",
"CSAFPID-1838588",
"CSAFPID-1839860",
"CSAFPID-1839857",
"CSAFPID-2699019",
"CSAFPID-1839858",
"CSAFPID-2698953",
"CSAFPID-2698951",
"CSAFPID-2698952",
"CSAFPID-2698992",
"CSAFPID-2698990",
"CSAFPID-2698994",
"CSAFPID-1838570",
"CSAFPID-1838583",
"CSAFPID-2698354",
"CSAFPID-1839976",
"CSAFPID-1838577",
"CSAFPID-1839966",
"CSAFPID-2699017",
"CSAFPID-1839974",
"CSAFPID-2699099",
"CSAFPID-2699100",
"CSAFPID-2699101",
"CSAFPID-1839884",
"CSAFPID-2698450",
"CSAFPID-2698451",
"CSAFPID-2698452",
"CSAFPID-1839866",
"CSAFPID-2698995",
"CSAFPID-1839867",
"CSAFPID-1199519",
"CSAFPID-1838573",
"CSAFPID-1838574",
"CSAFPID-1839881",
"CSAFPID-1839880",
"CSAFPID-1839882",
"CSAFPID-2698954",
"CSAFPID-1839878",
"CSAFPID-2698380",
"CSAFPID-2698938",
"CSAFPID-1839923",
"CSAFPID-1838589",
"CSAFPID-1839871",
"CSAFPID-2699005"
]
}
],
"title": "CVE-2025-24970"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…