CVE-2024-29025
A vulnerability exists in Oracle NoSQL Database. By exploiting this vulnerability, a remote, authenticated attacker can compromise availability. No user interaction is required to exploit this vulnerability. Oracle does not publish any further details on this vulnerability (beyond the information in the risk matrix in the Oracle advisory for the Critical Patch Update, see the link at the bottom of this advisory). Because so little information is available, the damage level is assessed solely on the basis of the CVSS impact matrix. The maximum value here is "LOW" for "Availability", which results in a rating of "MEDIUM" for the damage level.
EPSS 0.34% · 57.2th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Database Server <=21.15 | |
| IBM | IBM FileNet Content Manager 5.5.12 | |
| IBM | IBM QRadar SIEM | |
| Oracle | Oracle Retail Applications 24.0.1 | |
| Oracle | Oracle TimesTen In-Memory Database <=22.1.1.24.0 | |
| Oracle | Oracle Financial Services Applications 8.0.8.2.8 | |
| Oracle | Oracle Communications 23.4.2 | |
| Oracle | Oracle Utilities Applications 4.0.0.0.0 | |
| Oracle | Oracle Communications Applications 7.4.0 | |
| Oracle | Oracle Communications 5.2 | |
| Oracle | Oracle Communications Applications 2.0.0.0.0 | |
| Oracle | Oracle Communications Applications 15.0.0.0 | |
| Oracle | Oracle Financial Services Applications 8.0.7 | |
| Oracle | Oracle Commerce 11.3.0 | |
| Oracle | Oracle Financial Services Applications 14.7.5.0.0 | |
| Oracle | Oracle Communications 46.6.5 | |
| Oracle | Oracle Financial Services Applications 14.7.0.0.0 | |
| Oracle | Oracle Communications 23.4.1 | |
| Oracle | Oracle Communications 9.3.0 | |
| Red Hat | Red Hat OpenShift | |
…and 165 more
Exploit Intelligence
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog (certbund)
- https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3 (nist-nvd)
- https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v (nist-nvd)
- druid-612f0710.json (github-poc)
…and 2 more exploits
Timeline
- CVE Published
- Jan 21, 1970 Security Advisory
- Mar 26, 2024 EPSS Score
- Apr 21, 2024 EPSS Score
- Jun 11, 2024 EPSS Score
- Jul 7, 2024 EPSS Score
- Aug 1, 2024 EPSS Score
- Aug 27, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 17, 2024 EPSS Score
- Nov 12, 2024 EPSS Score
- Dec 9, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1622.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1622 advisory
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixOCOM advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1637.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1637 advisory
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixFMW advisory
- https://github.com/k4it0k1d/CVE-2024-21182 advisory
- https://www.ibm.com/support/pages/node/7184867 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1638.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1638 advisory
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixIFLX advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1642.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1642 advisory
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixCGBU advisory
- https://access.redhat.com/errata/RHSA-2024:6016 advisory
- https://access.redhat.com/errata/RHSA-2024:9975 advisory
- https://access.redhat.com/errata/RHSA-2024:9976 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1643.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1643 advisory
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixCAGBU advisory
…and 88 more