This document provides the text form of the CPUOct2025 Advisory Risk Matrices. Please note that the CVE IDs in this document correspond to the same CVE IDs in the CPUOct2025 Advisory.

This page contains the following text format Risk Matrices:

This table provides the text form of the Risk Matrix for Oracle Database Server.

| CVE ID | Description |
|---|---|
| CVE-2025-26333 | Security-in-Depth issue in the RDBMS (Dell BSAFE Crypto-J) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-31672 | Security-in-Depth issue in the SQLcl (Apache POI) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-4517 | Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are affected are 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with logon to the infrastructure where RDBMS (Python) executes to compromise RDBMS (Python). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of RDBMS (Python). CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12254, CVE-2024-12718, CVE-2024-6923, CVE-2024-8088, CVE-2025-1795, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-4949 | Vulnerability in the SQLcl (jgit) component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Difficult to exploit vulnerability allows low privileged attacker having Valid account privilege with network access via HTTP to compromise SQLcl (jgit). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all SQLcl (jgit) accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-50106 | Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-52520 | Security-in-Depth issue in the Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-53047 | Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Bonjour to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Portable Clusterware accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). (legend) [Advisory] |
| CVE-2025-53051 | Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Functional Index accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory] |
| CVE-2025-59375 | Security-in-Depth issue in the Database (Perl) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-61749 | Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-61881 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Essbase.

| CVE ID | Description |
|---|---|
| CVE-2020-13956 | Vulnerability in Oracle Essbase (component: Security and Provisioning (Apache HttpClient)). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Essbase accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-48924 | Security-in-Depth issue in Oracle Essbase (component: Security and Provisioning (Apache Commons Lang)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-53864 | Vulnerability in Oracle Essbase (component: Security and Provisioning (Nimbus JOSE+JWT)). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. While the vulnerability is in Oracle Essbase, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Essbase. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-5399 | Security-in-Depth issue in Oracle Essbase (component: Build (curl)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-5878 | Security-in-Depth issue in Oracle Essbase (component: Security and Provisioning (Enterprise Security API)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-61763 | Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Essbase accessible data as well as unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory] |
| CVE-2025-8916 | Vulnerability in Oracle Essbase (component: Security and Provisioning (Bouncy Castle Java Library)). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Essbase. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-9086 | Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (curl)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-9230 | Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product. [Advisory] |

This table provides the text form of the Risk Matrix for Oracle GoldenGate.

| CVE ID | Description |
|---|---|
| CVE-2022-0839 | Security-in-Depth issue in the Management Pack for Oracle GoldenGate product of Oracle GoldenGate (component: Monitor (jackson-databind)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2023-33201 | Security-in-Depth issue in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Bouncy Castle Java Library)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2023-5072 | Security-in-Depth issue in Oracle GoldenGate (component: OGG Configuration Assistant (JSON-java)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2024-38819 | Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Spring Framework)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2024-51504 | Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2024-52577 | Vulnerability in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: General (Apache Ignite)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate Stream Analytics. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2024-57699 | Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (json-smart)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2024-57699 | Vulnerability in the Oracle GoldenGate Veridata product of Oracle GoldenGate (component: General (json-smart)). Supported versions that are affected are 12.2.1.4.0-12.2.1.4.250515. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GoldenGate Veridata executes to compromise Oracle GoldenGate Veridata. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata. CVSS 3.1 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-22227 | Security-in-Depth issue in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Reactor Netty)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-27533 | Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: General Issues (Apache ActiveMQ)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-27817 | Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: General Issues (Apache Kafka)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-48734 | Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: General Issues (Apache Commons BeanUtils)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-48734 | Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Apache Commons BeanUtils)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-48924 | Security-in-Depth issue in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Apache Commons Lang)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: General (Apache Commons FileUpload)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Stream Analytics. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53864 | Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Nimbus JOSE+JWT)). Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Big Data and Application Adapters. While the vulnerability is in Oracle GoldenGate Big Data and Application Adapters, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GoldenGate Big Data and Application Adapters. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-55163 | Security-in-Depth issue in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Netty)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-55163 | Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: General Issues (Netty)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-55163 | Security-in-Depth issue in the Oracle GoldenGate Veridata product of Oracle GoldenGate (component: Other issues (Netty)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-8885 | Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Bouncy Castle Java FIPS)). Supported versions that are affected are 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GoldenGate Big Data and Application Adapters. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-8916 | Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Bouncy Castle Java Library)). Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GoldenGate Big Data and Application Adapters. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Graph Server and Client.

| CVE ID | Description |
|---|---|
| CVE-2025-27553 | Security-in-Depth issue in the Graph Server and Client product of Oracle Graph Server and Client (component: Packaging (Apache Commons VFS)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-52520 | Vulnerability in the Graph Server and Client product of Oracle Graph Server and Client (component: Install (Apache Tomcat)). Supported versions that are affected are 24.4.3 and 25.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Graph Server and Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Graph Server and Client. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-52520 also addresses CVE-2025-52434, and CVE-2025-53506. |

This table provides the text form of the Risk Matrix for Oracle REST Data Services.

| CVE ID | Description |
|---|---|
| CVE-2025-48976 | Vulnerability in Oracle REST Data Services (component: Core (Apache Commons FileUpload)). The supported version that is affected is 25.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle REST Data Services. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Secure Backup.

| CVE ID | Description |
|---|---|
| CVE-2025-1735 | Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-54090 | Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product. [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Spatial Studio.

| CVE ID | Description |
|---|---|
| CVE-2025-48924 | Security-in-Depth issue in Oracle Spatial Studio (component: Install issues (Apache Commons Lang)). This vulnerability cannot be exploited in the context of this product. [Advisory] |

This table provides the text form of the Risk Matrix for Oracle TimesTen In-Memory Database.

| CVE ID | Description |
|---|---|
| CVE-2024-51504 | Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: TimesTen Grid (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2024-56406 | Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: TimesTen Install (Perl)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-0411 | Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (7-Zip)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-55163 | Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: TimesTen Grid (Netty)). This vulnerability cannot be exploited in the context of this product. [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Commerce.

| CVE ID | Description |
|---|---|
| CVE-2024-47554 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Apache Commons IO)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-57699 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (json-smart)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-22233 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools And Frameworks, Content Acquisition System, Platform Services (Spring Framework)). The supported version that is affected is 11.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] The patch for CVE-2025-22233 also addresses CVE-2024-38820. |
| CVE-2025-22233 | Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework (Spring Framework)). The supported version that is affected is 11.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-48795 | Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Endeca Integration (Apache CXF)). The supported version that is affected is 11.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Commerce Platform. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] The patch for CVE-2025-48795 also addresses CVE-2025-23184. |
| CVE-2025-48924 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools And Frameworks, Content Acquisition System, Platform Services (Apache Commons Lang)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework (Apache Commons FileUpload)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48989 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools And Frameworks, Content Acquisition System, Platform Services (Apache Tomcat)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP/2 to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools And Frameworks (Netty)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP/2 to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Communications Applications.

| CVE ID | Description |
|---|---|
| CVE-2024-12133 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Installation (Libtasn1)). Supported versions that are affected are 2.0.0.0.0-2.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Charging System. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-28182 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Installation (Nghttp2)). The supported version that is affected is 2.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Converged Charging System. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-35164 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Guacamole)). Supported versions that are affected are 6.1.0-6.1.1. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2024-37371 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Security (Kerberos)). Supported versions that are affected are 2.0.0.0.0-2.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Charging System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Converged Charging System accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). (legend) [Advisory] The patch for CVE-2024-37371 also addresses CVE-2024-26462, and CVE-2024-37370. |
| CVE-2024-50609 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (fluentbit)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2024-50609 also addresses CVE-2024-50608. |
| CVE-2024-51504 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache ZooKeeper)). The supported version that is affected is 6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H). (legend) [Advisory] |
| CVE-2024-57699 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Installation (json-smart)). Supported versions that are affected are 2.0.0.0.0 and 2.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Charging System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2024-7254 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Installation (Google Protobuf-Java)). Supported versions that are affected are 2.0.0.0.0 and 2.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Charging System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2024-8006 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (libpcap)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2024-8006 also addresses CVE-2023-7256. |
| CVE-2025-27210 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Node.js)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27210 also addresses CVE-2025-23084 and CVE-2025-27209. |
| CVE-2025-27533 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache ActiveMQ)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-27553 | Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Apache Commons VFS)). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27553 also addresses CVE-2025-30474. |
| CVE-2025-27553 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Apache Commons VFS)). Supported versions that are affected are 7.5.0-7.5.1 and 7.6.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27553 also addresses CVE-2025-30474. |
| CVE-2025-27817 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Platform (Apache Kafka)). Supported versions that are affected are 12.0.0.4.0-15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27817 also addresses CVE-2025-27818. |
| CVE-2025-27817 | Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Notification Gateway (Apache Kafka)). Supported versions that are affected are 12.0.3.0.0-12.0.6.0.0, 15.0.0.0.0-15.0.1.0.0 and 15.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Convergent Charging Controller accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27817 also addresses CVE-2025-27818. |
| CVE-2025-27817 | Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Notification Gateway (Apache Kafka)). Supported versions that are affected are 12.0.3.0.0-12.0.6.0.0, 15.0.0.0.0-15.0.1.0.0 and 15.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Network Charging and Control accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27817 also addresses CVE-2025-27818. |
| CVE-2025-27817 | Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Solution Designer (Apache Kafka)). Supported versions that are affected are 8.0.0.5.0, 8.1.0.4.0 and 8.2.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-27817 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Kafka)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27817 also addresses CVE-2025-27818. |
| CVE-2025-32415 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (libxml2)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-32990 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (GnuTLS)). Supported versions that are affected are 7.7.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management as well as unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). (legend) [Advisory] The patch for CVE-2025-32990 also addresses CVE-2025-32988, CVE-2025-32989, and CVE-2025-6395. |
| CVE-2025-4517 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Python)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Assurance accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-48734 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Commons BeanUtils)). The supported version that is affected is 6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Calendar Server product of Oracle Communications Applications (component: Administration (Apache Commons Lang)). The supported version that is affected is 8.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Calendar Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Calendar Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Configuration (Apache Commons Lang)). The supported version that is affected is 3.0.3.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Convergence. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (Apache Tika)). The supported version that is affected is 8.1.0.28. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Network Integrity product of Oracle Communications Applications (component: Cartridges (Apache Commons Lang)). Supported versions that are affected are 7.3.6, 7.4.0 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Integrity. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Integrity. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: Install (Swagger UI)). Supported versions that are affected are 15.0.0.0.0, 15.0.1.0.0 and 15.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Offline Mediation Controller. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Apache Commons Lang)). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Solution Designer (Apache Commons Lang)). Supported versions that are affected are 8.0.0.5.0, 8.1.0.4.0 and 8.2.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Microservices (Apache Commons Lang)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Apache Commons Lang)). Supported versions that are affected are 7.5.0-7.5.1 and 7.6.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Communications Calendar Server product of Oracle Communications Applications (component: Core (Apache Commons FileUpload)). The supported version that is affected is 8.0.0.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Calendar Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Calendar Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Communications Contacts Server product of Oracle Communications Applications (component: Core (Apache Commons FileUpload)). The supported version that is affected is 8.0.0.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Contacts Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Contacts Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Core (Apache Commons FileUpload)). The supported version that is affected is 3.0.3.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Convergence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48989 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Tomcat)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP/2 to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Security (libxml2)). Supported versions that are affected are 2.0.0.0.0-2.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Charging System. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Converged Charging System accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (libxml2)). Supported versions that are affected are 7.7.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] |
| CVE-2025-5115 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Eclipse Jetty)). Supported versions that are affected are 7.5.0-7.5.1 and 7.6.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-52999 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Microservices (jackson-core)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5318 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (libssh)). Supported versions that are affected are 7.7.0 and 7.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory] The patch for CVE-2025-5318 also addresses CVE-2025-4877, CVE-2025-4878, CVE-2025-5351, CVE-2025-5372, CVE-2025-5449, and CVE-2025-5987. |
| CVE-2025-53864 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Microservices (Nimbus JOSE+JWT)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. While the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-53864 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Nimbus JOSE+JWT)). Supported versions that are affected are 7.5.1 and 7.6.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. While the vulnerability is in Oracle Communications Unified Inventory Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-5399 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (MySQL Server)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-54090 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache HTTP Server)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Security (Netty)). Supported versions that are affected are 12.0.0.4.0-15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Installation (Netty)). Supported versions that are affected are 2.0.0.0.0 and 2.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Converged Charging System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-55163 also addresses CVE-2025-24970 and CVE-2025-25193. |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: REST (Netty)). Supported versions that are affected are 12.0.6.0.0 and 15.0.0.0.0-15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications Applications (component: Installation (Netty)). Supported versions that are affected are 15.0.0.0.0-15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Offline Mediation Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Netty)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Services Manager (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0-15.0.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Solution Designer (Netty)). Supported versions that are affected are 8.0.0.5.0 and 8.1.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Netty)). Supported versions that are affected are 7.7.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5889 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Microservices (brace-expansion)). Supported versions that are affected are 6.1.0-6.1.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-59375 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (LibExpat)). Supported versions that are affected are 7.7.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Installation (SQLite)). Supported versions that are affected are 2.0.0.0.0-2.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Charging System. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Data Access Pack (SQLite)). Supported versions that are affected are 12.0.1.0.0-12.0.6.0.0, 15.0.0.0.0-15.0.1.0.0 and 15.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (SQLite)). The supported version that is affected is 8.1.0.28. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Messaging Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Data Access Pack (SQLite)). Supported versions that are affected are 12.0.1.0.0-12.0.6.0.0, 15.0.0.0.0-15.0.1.0.0 and 15.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (SQLite)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-7339 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Microservices (on-headers)). Supported versions that are affected are 6.1.0-6.1.1. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 3.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Converged Charging System product of Oracle Communications Applications (component: Installation (glibc)). Supported versions that are affected are 2.0.0.0.0-2.0.0.1.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Converged Charging System executes to compromise Oracle Communications Converged Charging System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Converged Charging System accessible data as well as unauthorized read access to a subset of Oracle Communications Converged Charging System accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Converged Charging System. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (glibc)). Supported versions that are affected are 6.1.0-6.1.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security Component (glibc)). Supported versions that are affected are 7.7.0-7.8.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Unified Inventory Management executes to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-9086 | Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (curl)). Supported versions that are affected are 7.7.0-7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-9086 also addresses CVE-2025-10148. |

This table provides the text form of the Risk Matrix for Oracle Communications.
| CVE ID | Description |
|---|---|
| CVE-2023-26555 | Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (NTP)). The supported version that is affected is 9.0.0. Difficult to exploit vulnerability allows physical access to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] The patch for CVE-2023-26555 also addresses CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, and CVE-2023-26554. |
| CVE-2024-12133 | Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Libtasn1)). The supported version that is affected is 25.1.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-12133 | Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (Libtasn1)). Supported versions that are affected are 10.2.1.0 and 11.0.0.1-11.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications EAGLE LNP Application Processor. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-12133 | Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (Libtasn1)). Supported versions that are affected are 13.5.1.0, 14.0.0.1 and 14.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications LSMS. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-47554 | Vulnerability in the Oracle Communications EAGLE Element Management System product of Oracle Communications (component: Security (Apache Commons IO)). Supported versions that are affected are 46.6 and 47.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Element Management System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications EAGLE Element Management System. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-1948 | Vulnerability in the Oracle Communications EAGLE Element Management System product of Oracle Communications (component: Security (Eclipse Jetty)). The supported version that is affected is 47.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Element Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Element Management System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-25724 | Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Core (libarchive)). Supported versions that are affected are 24.2.0-24.2.1, 24.3.0, 25.1.100 and 25.1.200. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Network Analytics Data Director executes to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-27210 | Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Node.js)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-27553 | Vulnerability in the Oracle Communications EAGLE Element Management System product of Oracle Communications (component: Security (Apache Commons VFS)). The supported version that is affected is 47.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Element Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Element Management System accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27553 also addresses CVE-2025-30474. |
| CVE-2025-27587 | Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (OpenSSL)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Certificate Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27587 also addresses CVE-2025-4575. |
| CVE-2025-32728 | Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Sysadmin (OpenSSH)). Supported versions that are affected are 4.1.0, 9.0.0, 9.2.0-9.3.0 and 10.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Session Border Controller executes to compromise Oracle Communications Session Border Controller. While the vulnerability is in Oracle Communications Session Border Controller, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 3.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-32728 | Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Routing (OpenSSH)). Supported versions that are affected are 4.1.0-4.2.0 and 5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Communications Broker executes to compromise Oracle Enterprise Communications Broker. While the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data. CVSS 3.1 Base Score 3.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-3576 | Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Core (Kerberos)). Supported versions that are affected are 24.2.0-24.2.1, 24.3.0, 25.1.100 and 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Network Analytics Data Director accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory] |
| CVE-2025-4373 | Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (glibc)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Certificate Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). (legend) [Advisory] The patch for CVE-2025-4373 also addresses CVE-2024-52533. |
| CVE-2025-4517 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Python)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-4517 | Vulnerability in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core DBTier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core DBTier accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core DBTier accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core DBTier. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-4517 | Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Python)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Slice Selection Function accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Slice Selection Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-4517 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Python)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-4517 | Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: ATS Framework (Python)). The supported version that is affected is 9.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-4517 | Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: ATS Framework (Python)). Supported versions that are affected are 24.2.0, 24.2.1, 24.3.0, 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Network Analytics Data Director accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Network Analytics Data Director accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-4802 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (FreeType)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-4802 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (glibc)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Apache Commons BeanUtils)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Apache Commons BeanUtils)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Apache Commons BeanUtils)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Apache Commons Lang)). Supported versions that are affected are 24.2.5 and 25.1.202. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Automated Test Suite (Apache Commons Lang)). The supported version that is affected is 9.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Apache Commons FileUpload)). Supported versions that are affected are 24.2.5 and 25.1.201. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Automated Test Suite Framework (Apache Commons FileUpload)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Automated Test Suite Framework (Apache Commons FileUpload)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Communications EAGLE Element Management System product of Oracle Communications (component: Security (Apache Commons FileUpload)). The supported version that is affected is 47.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Element Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Element Management System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Automated Test Suite (Apache Commons FileUpload)). Supported versions that are affected are 24.2.0-24.2.1, 24.3.0, 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48989 | Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 25.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Management Cloud Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-48989 also addresses CVE-2025-52520. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (libxml2)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Install (libxml2)). Supported versions that are affected are 24.2.5 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Console accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core DBTier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core DBTier accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core DBTier. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (libxml2)). Supported versions that are affected are 24.2.5 and 25.1.202. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (libxml2)). Supported versions that are affected are 25.1.100-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Slice Selection Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (libxml2)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Install (libxml2)). The supported version that is affected is 25.1.201. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794. |
| CVE-2025-49796 | Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (libxml2)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-5115 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Alarms, KPI, and Measurements (Eclipse Jetty)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5115 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Eclipse Jetty)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5115 | Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Jenkins)). Supported versions that are affected are 24.2.5 and 25.1.202. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-5115 also addresses CVE-2025-59474, CVE-2025-59475, and CVE-2025-59476. |
| CVE-2025-5115 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Eclipse Jetty)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5115 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Configuration (Eclipse Jetty)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53547 | Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Helm)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Network Function Cloud Native Environment, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-53643 | Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Developer Infrastructure (AIOHTTP)). Supported versions that are affected are 5.2 and 6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Operations Monitor accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory] |
| CVE-2025-54090 | Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 24.2.6 and 25.1.202. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Automated Test Suite accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Automated Test Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-54090 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Apache HTTP Server)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-54090 | Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Service Communication Proxy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-54090 | Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Automated Test Suite Framework (Apache HTTP Server)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Netty)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Netty)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Netty)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Netty)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-57803 | Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Developer Infrastructure (ImageMagick)). Supported versions that are affected are 5.1, 5.2 and 6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-57803 also addresses CVE-2025-55212 and CVE-2025-55298. |
| CVE-2025-58057 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Configuration (Netty)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5889 | Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Platform (brace-expansion)). Supported versions that are affected are 24.2.0-24.2.1, 24.3.0, 25.1.100 and 25.1.200. Difficult to exploit vulnerability allows low privileged attacker with network access via RMI to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (SQLite)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (SQLite)). Supported versions that are affected are 24.2.7-25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Automated Test Suite Framework (SQLite)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Core (SQLite)). Supported versions that are affected are 24.2.0-24.2.1, 24.3.0, 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-7425 | Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Certificate Management executes to compromise Oracle Communications Cloud Native Core Certificate Management. While the vulnerability is in Oracle Communications Cloud Native Core Certificate Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Certificate Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 7.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-7425 also addresses CVE-2025-49794, CVE-2025-49796, and CVE-2025-6021. |
| CVE-2025-7962 | Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Jakarta Mail)). Supported versions that are affected are 24.2.5 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (glibc)). Supported versions that are affected are 24.2.7-25.1.200. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (glibc)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Slice Selection Function executes to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Slice Selection Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Slice Selection Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (glibc)). Supported versions that are affected are 24.2.7-25.1.200. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Install (glibc)). The supported version that is affected is 25.1.201. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Security Edge Protection Proxy executes to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (glibc)). Supported versions that are affected are 25.1.200 and 25.2.100. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Service Communication Proxy executes to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Service Communication Proxy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: ATS Framework (glibc)). The supported version that is affected is 9.1.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (glibc)). Supported versions that are affected are 9.3.0 and 10.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Session Border Controller executes to compromise Oracle Communications Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data as well as unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Routing (glibc)). Supported versions that are affected are 4.1.0 and 4.2.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Communications Broker executes to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8058 | Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Infrastructure (glibc)). Supported versions that are affected are 5.1, 5.2 and 6.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Operations Monitor executes to compromise Oracle Enterprise Operations Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Operations Monitor accessible data as well as unauthorized read access to a subset of Oracle Enterprise Operations Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-8916 | Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (Bouncy Castle Java Library)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Construction and Engineering.

| CVE ID | Description |
|---|---|
| CVE-2025-27363 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Outside In Technology Installer in P6 (FreeType)). Supported versions that are affected are 20.12.0.0-20.12.21.0, 21.12.0.0-21.12.21.2, 22.12.0.0-22.12.20.0, 23.12.0.0-23.12.14.0 and 24.12.0.0-24.12.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-27363 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (FreeType)). Supported versions that are affected are 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.15 and 24.12.0-24.12.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-27553 | Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons VFS)). Supported versions that are affected are 20.12.0-20.12.17 and 21.12.0-21.12.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27553 also addresses CVE-2025-30474. |
| CVE-2025-48924 | Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons Lang)). Supported versions that are affected are 20.12.0-20.12.17 and 21.12.0-21.12.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Gateway. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Apache Commons Lang)). Supported versions that are affected are 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.15 and 24.12.0-24.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache Commons FileUpload)). Supported versions that are affected are 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.15 and 24.12.0-24.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5878 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Enterprise Security API for Java (Legacy))). Supported versions that are affected are 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.15 and 24.12.0-24.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.

| CVE ID | Description |
|---|---|
| CVE-2025-53041 | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53043 | Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Product Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Product Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Product Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory] |
| CVE-2025-53052 | Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53058 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Application Logging Interfaces). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53064 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53071 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53072 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-61753 | Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Scripting accessible data as well as unauthorized read access to a subset of Oracle Scripting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-62481 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager.

| CVE ID | Description |
|---|---|
| CVE-2024-38819 | Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: Infrastructure Management (Spring Framework)). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2024-38819 also addresses CVE-2024-38820. |
| CVE-2025-48976 | Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-49128 | Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Security Framework (jackson-databind)). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Enterprise Manager Base Platform executes to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Financial Services Applications.

| CVE ID | Description |
|---|---|
| CVE-2020-11988 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache XmlGraphics Commons)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). (legend) [Advisory] |
| CVE-2024-28168 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache FOP)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-27553 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache Commons VFS)). Supported versions that are affected are 8.0.7.9 and 8.0.8.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27553 also addresses CVE-2025-30474. |
| CVE-2025-27817 | Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27817 also addresses CVE-2025-27818. |
| CVE-2025-31672 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache POI)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-32415 | Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Platform (libxml2)). Supported versions that are affected are 14.4.0.0.0-14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-32415 also addresses CVE-2025-32414. |
| CVE-2025-32415 | Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Maintenance (libxml2)). Supported versions that are affected are 14.5.0.0.0-14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-32415 also addresses CVE-2025-32414. |
| CVE-2025-41249 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Spring Framework)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-41249 | Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Platform (Spring Framework)). Supported versions that are affected are 8.0.8.1, 8.1.2.9 and 8.1.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-41249 | Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Spring Framework)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache Commons Lang)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Third Party (Apache Commons Lang)). Supported versions that are affected are 8.0.8.1, 8.1.2.9 and 8.1.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Reports (Apache Commons Lang)). The supported version that is affected is 8.1.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Commons Lang)). Supported versions that are affected are 8.1.2.7 and 8.1.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Apache Commons Lang)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache Commons FileUpload)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Commons FileUpload)). Supported versions that are affected are 8.1.2.7 and 8.1.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Apache Commons FileUpload)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48989 | Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Tomcat)). Supported versions that are affected are 8.1.2.7 and 8.1.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-50074 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-50075 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-5115 | Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Reports (Eclipse Jetty)). The supported version that is affected is 8.1.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53034 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53035 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-53036 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-53037 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Netty)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-59375 | Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Third Party (LibExpat)). Supported versions that are affected are 8.0.8.1, 8.1.2.9 and 8.1.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-59375 | Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (LibExpat)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-61751 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory] |
| CVE-2025-61756 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Reports (SQLite)). The supported version that is affected is 8.1.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
| CVE ID | Description |
|---|---|
| CVE-2020-15250 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (GlassFish Server)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2023-1370 | Security-in-Depth issue in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (json-smart)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2023-45853 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Search Export SDK (zlib)). Supported versions that are affected are 8.5.7 and 8.5.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2024-41909 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory] |
| CVE-2024-48014 | Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Security Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-22235 | Security-in-Depth issue in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (Spring Security)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-27533 | Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache ActiveMQ)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-27817 | Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters (Apache Kafka)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-27817 also addresses CVE-2025-27818. |
| CVE-2025-48734 | Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF, ADF Faces (Apache Commons BeanUtils)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48795 | Vulnerability in the Oracle WebCenter Forms Recognition product of Oracle Fusion Middleware (component: ALE Learnset Manager (Apache CXF)). The supported version that is affected is 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Forms Recognition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Forms Recognition accessible data as well as unauthorized read access to a subset of Oracle WebCenter Forms Recognition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Forms Recognition. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Commons Lang)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle WebCenter Forms Recognition product of Oracle Fusion Middleware (component: ALE Learnset Manager (Apache Commons Lang)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Forms Recognition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Forms Recognition. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Portal, Analytics and REST (Apache Commons Lang)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Commons Lang)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Thirdparty Patch (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53816 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Core (7-Zip)). Supported versions that are affected are 8.5.7 and 8.5.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Netty)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-61752 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-61757 | Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-61764 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory] |
| CVE-2025-8916 | Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Analytics.

| CVE ID | Description |
|---|---|
| CVE-2024-12797 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Cryptography)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2024-47554 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Commons IO)). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-7254 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Google Protobuf-Java)). The supported version that is affected is 7.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-25193 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Netty)). The supported version that is affected is 7.6.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48795 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Service API (Apache CXF)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Apache Commons FileUpload)). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53049 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-61754 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Service API). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.

| CVE ID | Description |
|---|---|
| CVE-2025-61885 | Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Life Sciences InForm accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory] |
| CVE-2025-62287 | Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Life Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Life Sciences InForm accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-62288 | Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Logger). Supported versions that are affected are 3.4.0.1.3 and 3.4.1.0.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Health Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences Data Management Workbench accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle HealthCare Applications.

| CVE ID | Description |
|---|---|
| CVE-2024-38819 | Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR Server (Spring Framework)). The supported version that is affected is 8.2.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Healthcare Data Repository accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2024-38819 also addresses CVE-2024-38820. |
| CVE-2025-48924 | Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR Server (Apache Commons Lang)). The supported version that is affected is 8.2.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Healthcare Data Repository. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Master Index Data Manager (Apache Commons Lang)). Supported versions that are affected are 5.0.0.0-5.0.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Healthcare Master Person Index. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Hospitality Applications.

| CVE ID | Description |
|---|---|
| CVE-2024-12798 | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management (SPMS) product of Oracle Hospitality Applications (component: Next-Gen SPMS (logback)). The supported version that is affected is 23.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management (SPMS) executes to compromise Oracle Hospitality Cruise Shipboard Property Management (SPMS). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Shipboard Property Management (SPMS) accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management (SPMS) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Cruise Shipboard Property Management (SPMS). CVSS 3.1 Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management (SPMS) product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Commons BeanUtils)). The supported version that is affected is 23.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management (SPMS). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management (SPMS). CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management (SPMS) product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Commons Lang)). The supported version that is affected is 23.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management (SPMS). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Cruise Shipboard Property Management (SPMS). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48989 | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management (SPMS) product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Tomcat)). The supported version that is affected is 23.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Hospitality Cruise Shipboard Property Management (SPMS). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management (SPMS). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-55163 | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management (SPMS) product of Oracle Hospitality Applications (component: Next-Gen SPMS (Netty)). The supported version that is affected is 23.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Hospitality Cruise Shipboard Property Management (SPMS). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management (SPMS). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Hyperion.

| CVE ID | Description |
|---|---|
| CVE-2021-3712 | Vulnerability in the Oracle Hyperion Financial Management product of Oracle Hyperion (component: Installation (OpenSSL)). The supported version that is affected is 11.2.22.0.000. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Financial Management. CVSS 3.1 Base Score 7.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H). (legend) [Advisory] The patch for CVE-2021-3712 also addresses CVE-2021-3711. |
| CVE-2024-23807 | Vulnerability in the Oracle Hyperion Financial Management product of Oracle Hyperion (component: Security (Apache Xerces-C++)). The supported version that is affected is 11.2.22.0.000. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Financial Management. Note: Applies to the Linux release only. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-3573 | Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Client - Unicode (jQuery)). The supported version that is affected is 11.2.22.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hyperion Data Relationship Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Data Relationship Management accessible data as well as unauthorized read access to a subset of Oracle Hyperion Data Relationship Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Hyperion Calculation Manager product of Oracle Hyperion (component: Security (Apache Commons BeanUtils)). The supported version that is affected is 11.2.22.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Calculation Manager. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Calculation Manager. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Commons BeanUtils)). The supported version that is affected is 11.2.22.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Hyperion Planning product of Oracle Hyperion (component: Security (Apache Commons BeanUtils)). The supported version that is affected is 11.2.22.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Planning. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Hyperion Calculation Manager product of Oracle Hyperion (component: Security (Apache Commons FileUpload)). The supported version that is affected is 11.2.22.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Calculation Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Calculation Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Insurance Applications.

| CVE ID | Description |
|---|---|
| CVE-2022-24329 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: EWPS (JetBrains Kotlin)). Supported versions that are affected are 12.7.2.4, 13.0.0.3 and 13.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Documaker accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2023-2976 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: EWPS (Google Guava)). Supported versions that are affected are 12.7.2.4, 13.0.0.3 and 13.0.1.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Documaker executes to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Documaker accessible data as well as unauthorized access to critical data or complete access to all Oracle Documaker accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). (legend) [Advisory] |
| CVE-2024-47554 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: EWPS (Apache Commons IO)). Supported versions that are affected are 12.7.2.4, 13.0.0.3 and 13.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Documaker. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-27363 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Documaker Core (FreeType)). Supported versions that are affected are 13.0.0.3 and 13.0.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: EWPS (Apache Commons BeanUtils)). Supported versions that are affected are 12.7.2.4, 13.0.0.3 and 13.0.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Insurance Applications (component: Third Party (Apache Commons BeanUtils)). Supported versions that are affected are 11.3.1-12.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration J2EE. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Docupresentment (Apache Commons FileUpload)). Supported versions that are affected are 12.7.2.4, 13.0.0.3 and 13.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Insurance Applications (component: Architecture (Apache Commons FileUpload)). Supported versions that are affected are 11.3.1-12.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Insurance Policy Administration J2EE. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Java SE.

| CVE ID | Description |
|---|---|
| CVE-2025-31257 | Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u461-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-31257 also addresses CVE-2025-24189, CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43228, CVE-2025-43240, CVE-2025-43265, and CVE-2025-6558. |
| CVE-2025-53057 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (legend) [Advisory] |
| CVE-2025-53066 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-61748 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-61755 | Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle JD Edwards.

| CVE ID | Description |
|---|---|
| CVE-2021-22897 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (curl)). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory] |
| CVE-2024-13009 | Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Eclipse Jetty)). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2024-52046 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC (Apache Mina)). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2024-9143 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows low privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-31672 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (Apache POI)). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Portal Security (Apache Commons BeanUtils)). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-53056 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Object and Environment Tech). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53060 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle MySQL.

| CVE ID | Description |
|---|---|
| CVE-2024-12133 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Libtasn1)). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-35195 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Requests)). Supported versions that are affected are 8.0.0-8.0.40, 8.4.0-8.4.3 and 9.0.0-9.1.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Cluster accessible data as well as unauthorized access to critical data or complete access to all MySQL Cluster accessible data. CVSS 3.1 Base Score 5.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N). (legend) [Advisory] |
| CVE-2025-4517 | Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (Python)). Supported versions that are affected are 8.0.0-8.0.43. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Workbench accessible data as well as unauthorized access to critical data or complete access to all MySQL Workbench accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Workbench. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-47273 | Security-in-Depth issue in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client (Python setuptools)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-49796 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libxml2)). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Cluster accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-49796 | Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (libxml2)). Supported versions that are affected are 8.0.0-8.0.43. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Workbench accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-49796 also addresses CVE-2025-49794 and CVE-2025-49795. |
| CVE-2025-53040 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53042 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53044 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53045 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53053 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (legend) [Advisory] |
| CVE-2025-53054 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (legend) [Advisory] |
| CVE-2025-53062 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53067 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53069 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5318 | Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (libssh)). Supported versions that are affected are 8.0.0-8.0.43. Easily exploitable vulnerability allows low privileged attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Workbench accessible data as well as unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory] The patch for CVE-2025-5318 also addresses CVE-2025-4877, CVE-2025-4878, CVE-2025-5351, CVE-2025-5372, CVE-2025-5449, and CVE-2025-5987. |
| CVE-2025-5399 | Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (curl)). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Backup. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-5399 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (curl)). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-6965 | Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (SQLite)). Supported versions that are affected are 8.0.0-8.0.43. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle PeopleSoft.

| CVE ID | Description |
|---|---|
| CVE-2024-54160 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards (OpenSearch Dashboards)). The supported version that is affected is 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-31672 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision (Apache POI)). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2025-4517 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). (legend) [Advisory] The patch for CVE-2025-4517 also addresses CVE-2024-12718, CVE-2024-9287, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4435. |
| CVE-2025-4575 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security, Porting, Cloud Deployment Architecture (OpenSSL)). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal (Apache Commons BeanUtils)). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the PeopleSoft Enterprise CS Financial Aid product of Oracle PeopleSoft (component: FM Need Analysis Calculator (Apache Commons Lang)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise CS Financial Aid. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-50181 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (urllib3)). Supported versions that are affected are 8.60, 8.61 and 8.62. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2025-50181 also addresses CVE-2025-50182. |
| CVE-2025-53048 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53050 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53055 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53059 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-53061 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53063 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-53065 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-61750 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (legend) [Advisory] |
| CVE-2025-61758 | Vulnerability in the PeopleSoft Enterprise FIN IT Asset Management product of Oracle PeopleSoft (component: IT Asset Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN IT Asset Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN IT Asset Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-61761 | Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Maintenance Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). (legend) [Advisory] |
| CVE-2025-61762 | Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Payables). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Payables accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Payables accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Payables. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Retail Applications.

| CVE ID | Description |
|---|---|
| CVE-2023-34053 | Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (Spring Framework)). Supported versions that are affected are 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2023-44483 | Vulnerability in the Oracle Retail Advanced Inventory Planning product of Oracle Retail Applications (component: Internal Operations (Apache Santuario XML Security For Java)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Retail Advanced Inventory Planning. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Advanced Inventory Planning accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2024-47554 | Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (Apache Commons IO)). Supported versions that are affected are 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Merchandising System. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-47554 | Vulnerability in the Oracle Retail Price Management product of Oracle Retail Applications (component: Security (Apache Commons IO)). Supported versions that are affected are 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Price Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Price Management. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Retail Invoice Matching product of Oracle Retail Applications (component: Security (Apache Commons BeanUtils)). Supported versions that are affected are 15.0.3.1 and 16.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks of this vulnerability can result in takeover of Oracle Retail Invoice Matching. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Retail Predictive Application Server product of Oracle Retail Applications (component: Fusion Client (Apache Commons BeanUtils)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Retail Predictive Application Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Retail Price Management product of Oracle Retail Applications (component: Security (Apache Commons BeanUtils)). Supported versions that are affected are 15.0.3.1 and 16.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Price Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Price Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration Bugs (Apache Commons Lang)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Financial Integration. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Apache Commons Lang)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Integration Bus. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (Apache Commons Lang)). Supported versions that are affected are 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Merchandising System. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Retail Sales Audit product of Oracle Retail Applications (component: Security (Apache Commons Lang)). Supported versions that are affected are 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Sales Audit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Sales Audit. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: RSB Installation (Apache Commons Lang)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Service Backbone. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48924 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Lang)). Supported versions that are affected are 20.0.5, 21.0.4, 22.0.2, 23.0.2, 24.0.1 and 25.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (Apache Commons FileUpload)). Supported versions that are affected are 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons FileUpload)). Supported versions that are affected are 20.0.5, 21.0.4, 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48989 | Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security (Apache Tomcat)). Supported versions that are affected are 20.0.5, 21.0.4, 22.0.2, 23.0.2, 24.0.1 and 25.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Retail Xstore Office. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Office. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48989 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Tomcat)). The supported version that is affected is 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-48989 also addresses CVE-2025-48988, CVE-2025-49124, CVE-2025-49125, CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506. |
| CVE-2025-55163 | Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Netty)). Supported versions that are affected are 22.0.2, 23.0.2 and 24.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.

| CVE ID | Description |
|---|---|
| CVE-2020-13956 | Vulnerability in the Siebel CRM Development product of Oracle Siebel CRM (component: Siebel Approval Manager (Apache HttpClient)). Supported versions that are affected are Prior to 25.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Development. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM Development accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (legend) [Advisory] |
| CVE-2021-28165 | Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: Desktop Integration Siebel Agent (Apache ZooKeeper)). Supported versions that are affected are Prior to 25.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM End User. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2024-4140 | Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Keyword Automation (Email-MIME)). Supported versions that are affected are Prior to 25.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Deployment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2024-47554 | Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing (Apache Commons IO)). Supported versions that are affected are Prior to 25.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel Apps - Marketing. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-47554 | Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Web Marketing (Apache Commons IO)). Supported versions that are affected are Prior to 25.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel Apps - Marketing. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-47554 | Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Keyword Automation (Spring Framework)). Supported versions that are affected are Prior to 25.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM Deployment. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] The patch for CVE-2024-47554 also addresses CVE-2022-22968, CVE-2022-25647, and CVE-2024-38820. |
| CVE-2025-31651 | Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Application Interface (Apache Tomcat)). Supported versions that are affected are Prior to 25.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in takeover of Siebel CRM Deployment. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] The patch for CVE-2025-31651 also addresses CVE-2025-31650. |
| CVE-2025-48988 | Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface (Apache Tomcat)). Supported versions that are affected are Prior to 25.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM End User. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] The patch for CVE-2025-48988 also addresses CVE-2025-49124 and CVE-2025-49125. |

This table provides the text form of the Risk Matrix for Oracle Supply Chain.

| CVE ID | Description |
|---|---|
| CVE-2025-48976 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Install (Apache Commons FileUpload)). The supported version that is affected is 6.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Systems.

| CVE ID | Description |
|---|---|
| CVE-2020-17521 | Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Core (Apache Groovy)). The supported version that is affected is 4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris Cluster executes to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris Cluster accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2024-38819 | Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Core (Spring Framework)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris Cluster accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (legend) [Advisory] The patch for CVE-2024-38819 also addresses CVE-2024-38820. |
| CVE-2024-47554 | Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Core (Apache Commons IO)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2024-57699 | Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Core (json-smart)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Core (Apache Commons BeanUtils)). The supported version that is affected is 4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Oracle Solaris Cluster. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-53046 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Analytics). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53068 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53070 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-62289 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-62290 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-62475 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-62476 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-62477 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-62478 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-62479 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |
| CVE-2025-62480 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Utilities Applications.

| CVE ID | Description |
|---|---|
| CVE-2025-48734 | Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: Security (Apache Commons BeanUtils)). Supported versions that are affected are 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.4.0.4.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 24.2.0.0.0, 24.3.0.0.0, 25.4 and 25.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Application Framework. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-48734 | Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Core (Apache Commons BeanUtils)). This vulnerability cannot be exploited in the context of this product. [Advisory] |
| CVE-2025-48976 | Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: Security (Apache Commons FileUpload)). Supported versions that are affected are 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.4.0.4.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 24.2.0.0.0, 24.3.0.0.0, 25.4 and 25.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory] |
| CVE-2025-53864 | Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: Security (Nimbus JOSE+JWT)). Supported versions that are affected are 4.3.0.5.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.4.0.4.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 24.2.0.0.0, 24.3.0.0.0, 25.4 and 25.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. While the vulnerability is in Oracle Utilities Application Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). (legend) [Advisory] |

This table provides the text form of the Risk Matrix for Oracle Virtualization.

| CVE ID | Description |
|---|---|
| CVE-2025-61759 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-61760 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-62587 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-62588 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-62589 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-62590 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory] |
| CVE-2025-62591 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-62592 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). (legend) [Advisory] |
| CVE-2025-62641 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory] |