Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-53643 (GCVE-0-2025-53643)
Vulnerability from cvelistv5 – Published: 2025-07-14 20:17 – Updated: 2025-07-15 19:50
VLAI
EPSS
VEX
Title
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
Summary
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/aio-libs/aiohttp/security/advi… | x_refsource_CONFIRM |
| https://github.com/aio-libs/aiohttp/commit/e8d774… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T14:43:18.333063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:50:40.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "aiohttp",
"vendor": "aio-libs",
"versions": [
{
"status": "affected",
"version": "\u003c 3.12.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 1.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T20:17:18.247Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj"
},
{
"name": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"
}
],
"source": {
"advisory": "GHSA-9548-qrrj-x5pj",
"discovery": "UNKNOWN"
},
"title": "AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53643",
"datePublished": "2025-07-14T20:17:18.247Z",
"dateReserved": "2025-07-07T14:20:38.391Z",
"dateUpdated": "2025-07-15T19:50:40.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-53643",
"date": "2026-07-17",
"epss": "0.00297",
"percentile": "0.21623"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-53643\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-14T21:15:27.827\",\"lastModified\":\"2026-06-17T09:38:37.710\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.\"},{\"lang\":\"es\",\"value\":\"AIOHTTP es un framework cliente/servidor HTTP as\u00edncrono para asyncio y Python. En versiones anteriores a la 3.12.14, el analizador de Python era vulnerable a una vulnerabilidad de contrabando de solicitudes debido a que no analizaba las secciones finales de una solicitud HTTP. Si se instala una versi\u00f3n de aiohttp pura en Python (es decir, sin las extensiones habituales de C) o se habilita AIOHTTP_NO_EXTENSIONS, un atacante podr\u00eda ejecutar un ataque de contrabando de solicitudes para eludir ciertas protecciones de firewall o proxy. La versi\u00f3n 3.12.14 incluye un parche para este problema.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"aio-libs\",\"product\":\"aiohttp\",\"versions\":[{\"version\":\"\u003c 3.12.14\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-07-15T14:43:18.333063Z\",\"id\":\"CVE-2025-53643\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.12.14\",\"matchCriteriaId\":\"913D38BB-A5BC-4538-B39B-06CEF0A24987\"}]}]}],\"references\":[{\"url\":\"https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Low",
"current_release_date": "2026-07-09T23:10:42+00:00",
"cve": "CVE-2025-53643",
"id": "CVE-2025-53643",
"initial_release_date": "2025-07-14T20:17:18.247000+00:00",
"product_status:fixed": "36",
"product_status:known_affected": "17",
"product_status:known_not_affected": "859",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "aiohttp: AIOHTTP HTTP Request/Response Smuggling",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53643.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53643\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-15T14:43:18.333063Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-15T13:27:18.855Z\"}}], \"cna\": {\"title\": \"AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections\", \"source\": {\"advisory\": \"GHSA-9548-qrrj-x5pj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 1.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"aio-libs\", \"product\": \"aiohttp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.12.14\"}]}], \"references\": [{\"url\": \"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj\", \"name\": \"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a\", \"name\": \"https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-14T20:17:18.247Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-53643\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-15T19:50:40.717Z\", \"dateReserved\": \"2025-07-07T14:20:38.391Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-14T20:17:18.247Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2025-2798
Vulnerability from csaf_certbund - Published: 2025-12-09 23:00 - Updated: 2026-06-16 22:00Summary
Red Hat OpenShift Service Mesh: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh ausnutzen, um Sicherheitsvorkehrungen zu umgehen, schädlichen Code auszuführen oder einen Denial of Service herbeizuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Service Mesh
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:service_mesh
|
Service Mesh | |
|
Red Hat OpenShift Container Platform <4.19.32
Red Hat / OpenShift
|
Container Platform <4.19.32 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Service Mesh
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:service_mesh
|
Service Mesh | |
|
Red Hat OpenShift Container Platform <4.19.32
Red Hat / OpenShift
|
Container Platform <4.19.32 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Service Mesh
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:service_mesh
|
Service Mesh | |
|
Red Hat OpenShift Container Platform <4.19.32
Red Hat / OpenShift
|
Container Platform <4.19.32 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
References
36 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh ausnutzen, um Sicherheitsvorkehrungen zu umgehen, sch\u00e4dlichen Code auszuf\u00fchren oder einen Denial of Service herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2798 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2798.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2798 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2798"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22939 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22939"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22944 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22944"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22936 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22936"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22937 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22937"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22938 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22938"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22941 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22941"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7255417 vom 2025-12-19",
"url": "https://www.ibm.com/support/pages/node/7255417"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0261 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0261"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0414 vom 2026-01-09",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1249 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:1249"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1248 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:1248"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1506 vom 2026-01-28",
"url": "https://access.redhat.com/errata/RHSA-2026:1506"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1517 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1517"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1596 vom 2026-01-29",
"url": "https://access.redhat.com/errata/RHSA-2026:1596"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1730 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2139 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2139"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2144 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2144"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2456 vom 2026-02-10",
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2568 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2568"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2760 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2760"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2754 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2762 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2737 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2926 vom 2026-02-18",
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3712 vom 2026-03-04",
"url": "https://access.redhat.com/errata/RHSA-2026:3712"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3713 vom 2026-03-04",
"url": "https://access.redhat.com/errata/RHSA-2026:3713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3710 vom 2026-03-04",
"url": "https://access.redhat.com/errata/RHSA-2026:3710"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3874 vom 2026-03-05",
"url": "https://access.redhat.com/errata/RHSA-2026:3874"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3960 vom 2026-03-06",
"url": "https://access.redhat.com/errata/RHSA-2026:3960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6192 vom 2026-03-30",
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:15979 vom 2026-05-11",
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19712 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20041 vom 2026-05-27",
"url": "https://access.redhat.com/errata/RHSA-2026:20041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26411 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Service Mesh: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T09:09:55.099+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2025-2798",
"initial_release_date": "2025-12-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-08T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-26T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-29T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-10T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-03T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "21"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Service Mesh",
"product": {
"name": "Red Hat OpenShift Service Mesh",
"product_id": "T013933",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.19.32",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.19.32",
"product_id": "T054748"
}
},
{
"category": "product_version",
"name": "Container Platform 4.19.32",
"product": {
"name": "Red Hat OpenShift Container Platform 4.19.32",
"product_id": "T054748-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.19.32"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53643",
"product_status": {
"known_affected": [
"67646",
"T013933",
"T054748",
"T032495"
]
},
"release_date": "2025-12-09T23:00:00.000+00:00",
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-64756",
"product_status": {
"known_affected": [
"67646",
"T013933",
"T054748",
"T032495"
]
},
"release_date": "2025-12-09T23:00:00.000+00:00",
"title": "CVE-2025-64756"
},
{
"cve": "CVE-2025-66031",
"product_status": {
"known_affected": [
"67646",
"T013933",
"T054748",
"T032495"
]
},
"release_date": "2025-12-09T23:00:00.000+00:00",
"title": "CVE-2025-66031"
}
]
}
WID-SEC-W-2026-0165
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-01-20 23:00Summary
Oracle Siebel CRM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Siebel CRM ist eine CRM-Lösung von Oracle.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Siebel CRM ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
Affected products
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=25.10
Oracle / Siebel CRM
|
<=25.10 | ||
|
Oracle Siebel CRM <=25.2
Oracle / Siebel CRM
|
<=25.2 | ||
|
Oracle Siebel CRM <=25.9
Oracle / Siebel CRM
|
<=25.9 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Siebel CRM ist eine CRM-L\u00f6sung von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Siebel CRM ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0165 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0165.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0165 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0165"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle Siebel CRM vom 2026-01-20",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixSECR"
}
],
"source_lang": "en-US",
"title": "Oracle Siebel CRM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-20T23:00:00.000+00:00",
"generator": {
"date": "2026-01-21T09:05:44.183+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0165",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=25.2",
"product": {
"name": "Oracle Siebel CRM \u003c=25.2",
"product_id": "T042836"
}
},
{
"category": "product_version_range",
"name": "\u003c=25.2",
"product": {
"name": "Oracle Siebel CRM \u003c=25.2",
"product_id": "T042836-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=25.10",
"product": {
"name": "Oracle Siebel CRM \u003c=25.10",
"product_id": "T047959"
}
},
{
"category": "product_version_range",
"name": "\u003c=25.10",
"product": {
"name": "Oracle Siebel CRM \u003c=25.10",
"product_id": "T047959-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=25.11",
"product": {
"name": "Oracle Siebel CRM \u003c=25.11",
"product_id": "T050156"
}
},
{
"category": "product_version_range",
"name": "\u003c=25.11",
"product": {
"name": "Oracle Siebel CRM \u003c=25.11",
"product_id": "T050156-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=25.9",
"product": {
"name": "Oracle Siebel CRM \u003c=25.9",
"product_id": "T050157"
}
},
{
"category": "product_version_range",
"name": "\u003c=25.9",
"product": {
"name": "Oracle Siebel CRM \u003c=25.9",
"product_id": "T050157-fixed"
}
}
],
"category": "product_name",
"name": "Siebel CRM"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-33813",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2021-33813"
},
{
"cve": "CVE-2022-23395",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2022-23395"
},
{
"cve": "CVE-2024-23807",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2025-27817",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-4575",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-4575"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-48989",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-53547",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-53643",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-5372",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-5372"
},
{
"cve": "CVE-2025-6965",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-8916",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2026-21926",
"product_status": {
"last_affected": [
"T047959",
"T042836",
"T050157",
"T050156"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21926"
}
]
}
WID-SEC-W-2026-1212
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-04-21 22:00Summary
Oracle Utilities Applications: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 2.6.0.2.6
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.2.6
|
2.6.0.2.6 | |
|
Oracle Utilities Applications 7.0.0.0.7
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.0.7
|
7.0.0.0.7 | |
|
Oracle Utilities Applications 2.5.0.2.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.10
|
2.5.0.2.10 | |
|
Oracle Utilities Applications 25.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.10
|
25.1 | |
|
Oracle Utilities Applications 2.6.0.1.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.10
|
2.6.0.1.10 | |
|
Oracle Utilities Applications 26.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:26.4
|
26.4 | |
|
Oracle Utilities Applications 2.5.0.1.16
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.16
|
2.5.0.1.16 | |
|
Oracle Utilities Applications 25.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4
|
25.4 | |
|
Oracle Utilities Applications 7.1.0.0.45
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.1.0.0.45
|
7.1.0.0.45 | |
|
Oracle Utilities Applications 25.12.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.12.0.0.0
|
25.12.0.0.0 | |
|
Oracle Utilities Applications 7.0.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.1.5
|
7.0.0.1.5 | |
|
Oracle Utilities Applications 25.4.0.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4.0.0.2
|
25.4.0.0.2 |
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.5.0.2.0
Oracle / Utilities Applications
|
<=4.5.0.2.0 | ||
|
Oracle Utilities Applications <=4.4.0.4.0
Oracle / Utilities Applications
|
<=4.4.0.4.0 | ||
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 | ||
|
Oracle Utilities Applications <=4.4.0.3.0
Oracle / Utilities Applications
|
<=4.4.0.3.0 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 2.6.0.2.6
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.2.6
|
2.6.0.2.6 | |
|
Oracle Utilities Applications 7.0.0.0.7
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.0.7
|
7.0.0.0.7 | |
|
Oracle Utilities Applications 2.5.0.2.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.10
|
2.5.0.2.10 | |
|
Oracle Utilities Applications 25.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.10
|
25.1 | |
|
Oracle Utilities Applications 2.6.0.1.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.10
|
2.6.0.1.10 | |
|
Oracle Utilities Applications 26.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:26.4
|
26.4 | |
|
Oracle Utilities Applications 2.5.0.1.16
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.16
|
2.5.0.1.16 | |
|
Oracle Utilities Applications 25.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4
|
25.4 | |
|
Oracle Utilities Applications 7.1.0.0.45
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.1.0.0.45
|
7.1.0.0.45 | |
|
Oracle Utilities Applications 25.12.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.12.0.0.0
|
25.12.0.0.0 | |
|
Oracle Utilities Applications 7.0.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.1.5
|
7.0.0.1.5 | |
|
Oracle Utilities Applications 25.4.0.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4.0.0.2
|
25.4.0.0.2 |
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.5.0.2.0
Oracle / Utilities Applications
|
<=4.5.0.2.0 | ||
|
Oracle Utilities Applications <=4.4.0.4.0
Oracle / Utilities Applications
|
<=4.4.0.4.0 | ||
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 | ||
|
Oracle Utilities Applications <=4.4.0.3.0
Oracle / Utilities Applications
|
<=4.4.0.3.0 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 2.6.0.2.6
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.2.6
|
2.6.0.2.6 | |
|
Oracle Utilities Applications 7.0.0.0.7
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.0.7
|
7.0.0.0.7 | |
|
Oracle Utilities Applications 2.5.0.2.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.10
|
2.5.0.2.10 | |
|
Oracle Utilities Applications 25.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.10
|
25.1 | |
|
Oracle Utilities Applications 2.6.0.1.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.10
|
2.6.0.1.10 | |
|
Oracle Utilities Applications 26.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:26.4
|
26.4 | |
|
Oracle Utilities Applications 2.5.0.1.16
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.16
|
2.5.0.1.16 | |
|
Oracle Utilities Applications 25.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4
|
25.4 | |
|
Oracle Utilities Applications 7.1.0.0.45
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.1.0.0.45
|
7.1.0.0.45 | |
|
Oracle Utilities Applications 25.12.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.12.0.0.0
|
25.12.0.0.0 | |
|
Oracle Utilities Applications 7.0.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.1.5
|
7.0.0.1.5 | |
|
Oracle Utilities Applications 25.4.0.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4.0.0.2
|
25.4.0.0.2 |
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.5.0.2.0
Oracle / Utilities Applications
|
<=4.5.0.2.0 | ||
|
Oracle Utilities Applications <=4.4.0.4.0
Oracle / Utilities Applications
|
<=4.4.0.4.0 | ||
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 | ||
|
Oracle Utilities Applications <=4.4.0.3.0
Oracle / Utilities Applications
|
<=4.4.0.3.0 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 2.6.0.2.6
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.2.6
|
2.6.0.2.6 | |
|
Oracle Utilities Applications 7.0.0.0.7
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.0.7
|
7.0.0.0.7 | |
|
Oracle Utilities Applications 2.5.0.2.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.10
|
2.5.0.2.10 | |
|
Oracle Utilities Applications 25.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.10
|
25.1 | |
|
Oracle Utilities Applications 2.6.0.1.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.10
|
2.6.0.1.10 | |
|
Oracle Utilities Applications 26.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:26.4
|
26.4 | |
|
Oracle Utilities Applications 2.5.0.1.16
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.16
|
2.5.0.1.16 | |
|
Oracle Utilities Applications 25.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4
|
25.4 | |
|
Oracle Utilities Applications 7.1.0.0.45
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.1.0.0.45
|
7.1.0.0.45 | |
|
Oracle Utilities Applications 25.12.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.12.0.0.0
|
25.12.0.0.0 | |
|
Oracle Utilities Applications 7.0.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.1.5
|
7.0.0.1.5 | |
|
Oracle Utilities Applications 25.4.0.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4.0.0.2
|
25.4.0.0.2 |
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.5.0.2.0
Oracle / Utilities Applications
|
<=4.5.0.2.0 | ||
|
Oracle Utilities Applications <=4.4.0.4.0
Oracle / Utilities Applications
|
<=4.4.0.4.0 | ||
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 | ||
|
Oracle Utilities Applications <=4.4.0.3.0
Oracle / Utilities Applications
|
<=4.4.0.3.0 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 2.6.0.2.6
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.2.6
|
2.6.0.2.6 | |
|
Oracle Utilities Applications 7.0.0.0.7
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.0.7
|
7.0.0.0.7 | |
|
Oracle Utilities Applications 2.5.0.2.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.10
|
2.5.0.2.10 | |
|
Oracle Utilities Applications 25.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.10
|
25.1 | |
|
Oracle Utilities Applications 2.6.0.1.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.10
|
2.6.0.1.10 | |
|
Oracle Utilities Applications 26.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:26.4
|
26.4 | |
|
Oracle Utilities Applications 2.5.0.1.16
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.16
|
2.5.0.1.16 | |
|
Oracle Utilities Applications 25.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4
|
25.4 | |
|
Oracle Utilities Applications 7.1.0.0.45
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.1.0.0.45
|
7.1.0.0.45 | |
|
Oracle Utilities Applications 25.12.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.12.0.0.0
|
25.12.0.0.0 | |
|
Oracle Utilities Applications 7.0.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.1.5
|
7.0.0.1.5 | |
|
Oracle Utilities Applications 25.4.0.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4.0.0.2
|
25.4.0.0.2 |
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.5.0.2.0
Oracle / Utilities Applications
|
<=4.5.0.2.0 | ||
|
Oracle Utilities Applications <=4.4.0.4.0
Oracle / Utilities Applications
|
<=4.4.0.4.0 | ||
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 | ||
|
Oracle Utilities Applications <=4.4.0.3.0
Oracle / Utilities Applications
|
<=4.4.0.3.0 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 2.6.0.2.6
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.2.6
|
2.6.0.2.6 | |
|
Oracle Utilities Applications 7.0.0.0.7
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.0.7
|
7.0.0.0.7 | |
|
Oracle Utilities Applications 2.5.0.2.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.10
|
2.5.0.2.10 | |
|
Oracle Utilities Applications 25.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.10
|
25.1 | |
|
Oracle Utilities Applications 2.6.0.1.10
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.10
|
2.6.0.1.10 | |
|
Oracle Utilities Applications 26.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:26.4
|
26.4 | |
|
Oracle Utilities Applications 2.5.0.1.16
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.16
|
2.5.0.1.16 | |
|
Oracle Utilities Applications 25.4
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4
|
25.4 | |
|
Oracle Utilities Applications 7.1.0.0.45
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.1.0.0.45
|
7.1.0.0.45 | |
|
Oracle Utilities Applications 25.12.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.12.0.0.0
|
25.12.0.0.0 | |
|
Oracle Utilities Applications 7.0.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:7.0.0.1.5
|
7.0.0.1.5 | |
|
Oracle Utilities Applications 25.4.0.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:25.4.0.0.2
|
25.4.0.0.2 |
Last affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.5.0.2.0
Oracle / Utilities Applications
|
<=4.5.0.2.0 | ||
|
Oracle Utilities Applications <=4.4.0.4.0
Oracle / Utilities Applications
|
<=4.4.0.4.0 | ||
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 | ||
|
Oracle Utilities Applications <=4.4.0.3.0
Oracle / Utilities Applications
|
<=4.4.0.3.0 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1212 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1212.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1212 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1212"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2026 - Appendix Oracle Utilities Applications vom 2026-04-21",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixUTIL"
}
],
"source_lang": "en-US",
"title": "Oracle Utilities Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-21T22:00:00.000+00:00",
"generator": {
"date": "2026-04-22T09:09:20.723+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1212",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.1.0.0.45",
"product": {
"name": "Oracle Utilities Applications 7.1.0.0.45",
"product_id": "T053138",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:7.1.0.0.45"
}
}
},
{
"category": "product_version",
"name": "25.12.0.0.0",
"product": {
"name": "Oracle Utilities Applications 25.12.0.0.0",
"product_id": "T053139",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:25.12.0.0.0"
}
}
},
{
"category": "product_version",
"name": "2.5.0.1.16",
"product": {
"name": "Oracle Utilities Applications 2.5.0.1.16",
"product_id": "T053140",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.1.16"
}
}
},
{
"category": "product_version",
"name": "2.5.0.2.10",
"product": {
"name": "Oracle Utilities Applications 2.5.0.2.10",
"product_id": "T053141",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.2.10"
}
}
},
{
"category": "product_version",
"name": "2.6.0.1.10",
"product": {
"name": "Oracle Utilities Applications 2.6.0.1.10",
"product_id": "T053142",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.6.0.1.10"
}
}
},
{
"category": "product_version",
"name": "2.6.0.2.6",
"product": {
"name": "Oracle Utilities Applications 2.6.0.2.6",
"product_id": "T053143",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.6.0.2.6"
}
}
},
{
"category": "product_version",
"name": "7.0.0.0.7",
"product": {
"name": "Oracle Utilities Applications 7.0.0.0.7",
"product_id": "T053144",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:7.0.0.0.7"
}
}
},
{
"category": "product_version",
"name": "7.0.0.1.5",
"product": {
"name": "Oracle Utilities Applications 7.0.0.1.5",
"product_id": "T053145",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:7.0.0.1.5"
}
}
},
{
"category": "product_version",
"name": "25.4.0.0.2",
"product": {
"name": "Oracle Utilities Applications 25.4.0.0.2",
"product_id": "T053146",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:25.4.0.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=4.3.0.6.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.3.0.6.0",
"product_id": "T053147"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.3.0.6.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.3.0.6.0",
"product_id": "T053147-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.4.0.3.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.4.0.3.0",
"product_id": "T053148"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.4.0.3.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.4.0.3.0",
"product_id": "T053148-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.4.0.4.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.4.0.4.0",
"product_id": "T053149"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.4.0.4.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.4.0.4.0",
"product_id": "T053149-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.5.0.2.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.5.0.2.0",
"product_id": "T053150"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.5.0.2.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.5.0.2.0",
"product_id": "T053150-fixed"
}
},
{
"category": "product_version",
"name": "25.4",
"product": {
"name": "Oracle Utilities Applications 25.4",
"product_id": "T053151",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:25.4"
}
}
},
{
"category": "product_version",
"name": "25.1",
"product": {
"name": "Oracle Utilities Applications 25.10",
"product_id": "T053152",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:25.10"
}
}
},
{
"category": "product_version",
"name": "26.4",
"product": {
"name": "Oracle Utilities Applications 26.4",
"product_id": "T053153",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:26.4"
}
}
}
],
"category": "product_name",
"name": "Utilities Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-17521",
"product_status": {
"known_affected": [
"T053143",
"T053144",
"T053141",
"T053152",
"T053142",
"T053153",
"T053140",
"T053151",
"T053138",
"T053139",
"T053145",
"T053146"
],
"last_affected": [
"T053150",
"T053149",
"T053147",
"T053148"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2020-17521"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T053143",
"T053144",
"T053141",
"T053152",
"T053142",
"T053153",
"T053140",
"T053151",
"T053138",
"T053139",
"T053145",
"T053146"
],
"last_affected": [
"T053150",
"T053149",
"T053147",
"T053148"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-53643",
"product_status": {
"known_affected": [
"T053143",
"T053144",
"T053141",
"T053152",
"T053142",
"T053153",
"T053140",
"T053151",
"T053138",
"T053139",
"T053145",
"T053146"
],
"last_affected": [
"T053150",
"T053149",
"T053147",
"T053148"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-53643"
},
{
"cve": "CVE-2025-66418",
"product_status": {
"known_affected": [
"T053143",
"T053144",
"T053141",
"T053152",
"T053142",
"T053153",
"T053140",
"T053151",
"T053138",
"T053139",
"T053145",
"T053146"
],
"last_affected": [
"T053150",
"T053149",
"T053147",
"T053148"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-68161",
"product_status": {
"known_affected": [
"T053143",
"T053144",
"T053141",
"T053152",
"T053142",
"T053153",
"T053140",
"T053151",
"T053138",
"T053139",
"T053145",
"T053146"
],
"last_affected": [
"T053150",
"T053149",
"T053147",
"T053148"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-24734",
"product_status": {
"known_affected": [
"T053143",
"T053144",
"T053141",
"T053152",
"T053142",
"T053153",
"T053140",
"T053151",
"T053138",
"T053139",
"T053145",
"T053146"
],
"last_affected": [
"T053150",
"T053149",
"T053147",
"T053148"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-24734"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…