WID-SEC-W-2025-1212
PUBLISHED
CVSS 9.3 CRITICAL
With the Unified Communications Suite, Oracle offers a messaging and collaboration platform. Oracle Communications Policy Management is an Oracle product that unifies several areas of communication. Oracle Communications Unified Inventory Management (UIM) is an open, standards-based application that provides an inventory of communications services and resources.
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Communications Messaging Server | 8.1 |
| Oracle | Communications Service Broker | 6.0 |
| Oracle | Communications EAGLE LNP Application Processor | 10.2 |
| Oracle | Communications LSMS | 13.2 |
| Oracle | Communications Session Border Controller | 8.1.0 |
| Oracle | Communications LSMS | 13.1 |
| Oracle | Communications Policy Management | 12.4 |
| Ubuntu | Linux | |
| Oracle | Communications Session Border Controller | 8.2.0 |
| Oracle | Communications LSMS | 13.3 |
| Oracle | Communications Policy Management | 12.2 |
| Oracle | Enterprise Communications Broker | 3.1.0 |
| Oracle | Communications EAGLE LNP Application Processor | 10.0 |
| Oracle | Enterprise Communications Broker | 3.0.0 |
| Xerox | FreeFlow Print Server | 9 |
| Oracle | Communications Messaging Server | 8.0 |
| Oracle | Communications Policy Management | 12.3 |
| Oracle | Communications Policy Management | 12.1 |
| Oracle | Communications EAGLE LNP Application Processor | 10.1 |
| Oracle | Communications Session Border Controller | 8.0.0 |
Exploit Intelligence
- OpenSSL CVE-2017-3730 proof-of-concept (github-poc)
- Improved version of PikaChu CVE (github-poc)
- CVE-2017-12617 (github-poc)
- scirusvulgaris/CVE-2017-12617 (github-poc)
- K3ysTr0K3R/CVE-2017-12617-EXPLOIT (github-poc)
- CVE-2017-12617 is a critical vulnerability leading to Remote Code Execution (RCE) in Apache Tomcat. (github-poc)
- An implementation of CVE-2017-12617 (github-poc)
- Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution for Python3 (github-poc)
- Proof of Concept - RCE Exploitation : Web Shell on Apache Tomcat - Ensimag January 2018 (github-poc)
- qiantu88/CVE-2017-12617 (github-poc)
…and 12 more exploits
Timeline
- Apr 16, 2019 CVE Published
- Jun 2, 2025 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2025-1212.json (advisory)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1212 (advisory)
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixCGBU (url)
- https://usn.ubuntu.com/4218-1/ (url)
- https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf (url)