CVE-2022-22965

Spring Framework JDK 9+ Remote Code Execution Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecución de código remota (RCE) por medio de una vinculación de datos. La explotación específica requiere que la aplicación sea ejecutada en Tomcat como un despliegue WAR. Si la aplicación es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotación. Sin embargo, la naturaleza de la vulnerabilidad es más general, y puede haber otras formas de explotarla

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, (transitively affected from Spring Beans), using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain access to normally-restricted functionality within the Java Virtual Machine.

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-10 CVE Reserved
2022-04-01 CVE Published
2022-04-01 First Exploit
2022-04-04 Exploited in Wild
2022-04-25 KEV Due Date
2024-08-03 CVE Updated
2024-11-05 EPSS Updated

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (36)

URL	Tag	Source
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://github.com/spring-projects/spring-framework/issues/28261

URL	Date	SRC
https://github.com/0zvxr/CVE-2022-22965	2022-04-13
https://github.com/alt3kx/CVE-2022-22965	2022-04-07
https://github.com/zangcc/CVE-2022-22965-rexbb	2023-11-14
https://github.com/Kirill89/CVE-2022-22965-PoC	2022-04-01
https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce	2022-04-01
https://github.com/p1ckzi/CVE-2022-22965	2022-06-30
https://github.com/me2nuk/CVE-2022-22965	2022-04-04
https://github.com/light-Life/CVE-2022-22965-GUItools	2022-04-02
https://github.com/viniciuspereiras/CVE-2022-22965-poc	2023-11-29
https://github.com/itsecurityco/CVE-2022-22965	2022-04-03
https://github.com/GuayoyoCyber/CVE-2022-22965	2022-04-19
https://github.com/zer0yu/CVE-2022-22965	2022-04-07
https://github.com/sunnyvale-it/CVE-2022-22965-PoC	2023-04-27
https://github.com/nu0l/CVE-2022-22965	2022-04-08
https://github.com/netcode/Spring4shell-CVE-2022-22965-POC	2022-04-04
https://github.com/BKLockly/CVE-2022-22965	2023-06-04
https://github.com/Wrin9/CVE-2022-22965	2022-04-02
https://github.com/jakabakos/CVE-2022-22965-Spring4Shell	2023-06-21
https://github.com/mariomamo/CVE-2022-22965	2022-04-28
https://github.com/iloveflag/Fast-CVE-2022-22965	2022-11-08
https://github.com/likewhite/CVE-2022-22965	2023-01-31
https://github.com/khidottrivi/CVE-2022-22965	2022-04-27
https://github.com/CalumHutton/CVE-2022-22965-PoC_Payara	2022-04-08
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html	2024-08-03

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf	2023-02-09
https://www.oracle.com/security-alerts/cpujul2022.html	2023-02-09

URL	Date	SRC
https://tanzu.vmware.com/security/cve-2022-22965	2022-03-31
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67	2023-02-09
https://access.redhat.com/security/cve/CVE-2022-22965	2022-04-27
https://bugzilla.redhat.com/show_bug.cgi?id=2070348	2022-04-27
https://access.redhat.com/security/vulnerabilities/RHSB-2022-003	2022-04-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vmware Search vendor "Vmware"		Spring Framework Search vendor "Vmware" for product "Spring Framework"				< 5.2.20 Search vendor "Vmware" for product "Spring Framework" and version " < 5.2.20"		-		Affected
Vmware Search vendor "Vmware"		Spring Framework Search vendor "Vmware" for product "Spring Framework"				>= 5.3.0 < 5.3.18 Search vendor "Vmware" for product "Spring Framework" and version " >= 5.3.0 < 5.3.18"		-		Affected
Cisco Search vendor "Cisco"		Cx Cloud Agent Search vendor "Cisco" for product "Cx Cloud Agent"				< 2.1.0 Search vendor "Cisco" for product "Cx Cloud Agent" and version " < 2.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Automated Test Suite Search vendor "Oracle" for product "Communications Cloud Native Core Automated Test Suite"				1.9.0 Search vendor "Oracle" for product "Communications Cloud Native Core Automated Test Suite" and version "1.9.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Automated Test Suite Search vendor "Oracle" for product "Communications Cloud Native Core Automated Test Suite"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Automated Test Suite" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Console Search vendor "Oracle" for product "Communications Cloud Native Core Console"				1.9.0 Search vendor "Oracle" for product "Communications Cloud Native Core Console" and version "1.9.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Console Search vendor "Oracle" for product "Communications Cloud Native Core Console"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Console" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Exposure Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Function Cloud Native Environment Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment"				1.10.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "1.10.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Function Cloud Native Environment Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function"				1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "1.15.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Slice Selection Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function"				1.8.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" and version "1.8.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Slice Selection Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function"				1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" and version "1.15.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Slice Selection Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy"				1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.15.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Security Edge Protection Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy"				1.7.0 Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" and version "1.7.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Security Edge Protection Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Unified Data Repository Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository"				1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository" and version "1.15.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Unified Data Repository Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository"				22.1.0 Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository" and version "22.1.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Policy Management Search vendor "Oracle" for product "Communications Policy Management"				12.6.0.0.0 Search vendor "Oracle" for product "Communications Policy Management" and version "12.6.0.0.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"				8.1.1 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.1.1"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Analytical Applications Infrastructure Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"				8.1.2.0 Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.1.2.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Behavior Detection Platform Search vendor "Oracle" for product "Financial Services Behavior Detection Platform"				8.1.1.0 Search vendor "Oracle" for product "Financial Services Behavior Detection Platform" and version "8.1.1.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Behavior Detection Platform Search vendor "Oracle" for product "Financial Services Behavior Detection Platform"				8.1.1.1 Search vendor "Oracle" for product "Financial Services Behavior Detection Platform" and version "8.1.1.1"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Behavior Detection Platform Search vendor "Oracle" for product "Financial Services Behavior Detection Platform"				8.1.2.0 Search vendor "Oracle" for product "Financial Services Behavior Detection Platform" and version "8.1.2.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Enterprise Case Management Search vendor "Oracle" for product "Financial Services Enterprise Case Management"				8.1.1.0 Search vendor "Oracle" for product "Financial Services Enterprise Case Management" and version "8.1.1.0"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Enterprise Case Management Search vendor "Oracle" for product "Financial Services Enterprise Case Management"				8.1.1.1 Search vendor "Oracle" for product "Financial Services Enterprise Case Management" and version "8.1.1.1"		-		Affected
Oracle Search vendor "Oracle"		Financial Services Enterprise Case Management Search vendor "Oracle" for product "Financial Services Enterprise Case Management"				8.1.2.0 Search vendor "Oracle" for product "Financial Services Enterprise Case Management" and version "8.1.2.0"		-		Affected
Oracle Search vendor "Oracle"		Mysql Enterprise Monitor Search vendor "Oracle" for product "Mysql Enterprise Monitor"				< 8.0.29 Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " < 8.0.29"		-		Affected
Oracle Search vendor "Oracle"		Product Lifecycle Analytics Search vendor "Oracle" for product "Product Lifecycle Analytics"				3.6.1 Search vendor "Oracle" for product "Product Lifecycle Analytics" and version "3.6.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service"				20.0.1 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "20.0.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Xstore Point Of Service Search vendor "Oracle" for product "Retail Xstore Point Of Service"				21.0.0 Search vendor "Oracle" for product "Retail Xstore Point Of Service" and version "21.0.0"		-		Affected
Oracle Search vendor "Oracle"		Sd-wan Edge Search vendor "Oracle" for product "Sd-wan Edge"				9.0 Search vendor "Oracle" for product "Sd-wan Edge" and version "9.0"		-		Affected
Oracle Search vendor "Oracle"		Sd-wan Edge Search vendor "Oracle" for product "Sd-wan Edge"				9.1 Search vendor "Oracle" for product "Sd-wan Edge" and version "9.1"		-		Affected
Siemens Search vendor "Siemens"		Operation Scheduler Search vendor "Siemens" for product "Operation Scheduler"				< 2.0.4 Search vendor "Siemens" for product "Operation Scheduler" and version " < 2.0.4"		-		Affected
Siemens Search vendor "Siemens"		Sipass Integrated Search vendor "Siemens" for product "Sipass Integrated"				2.80 Search vendor "Siemens" for product "Sipass Integrated" and version "2.80"		-		Affected
Siemens Search vendor "Siemens"		Sipass Integrated Search vendor "Siemens" for product "Sipass Integrated"				2.85 Search vendor "Siemens" for product "Sipass Integrated" and version "2.85"		-		Affected
Siemens Search vendor "Siemens"		Siveillance Identity Search vendor "Siemens" for product "Siveillance Identity"				1.5 Search vendor "Siemens" for product "Siveillance Identity" and version "1.5"		-		Affected
Siemens Search vendor "Siemens"		Siveillance Identity Search vendor "Siemens" for product "Siveillance Identity"				1.6 Search vendor "Siemens" for product "Siveillance Identity" and version "1.6"		-		Affected
Veritas Search vendor "Veritas"		Access Appliance Search vendor "Veritas" for product "Access Appliance"				7.4.3 Search vendor "Veritas" for product "Access Appliance" and version "7.4.3"		-		Affected
Veritas Search vendor "Veritas"		Access Appliance Search vendor "Veritas" for product "Access Appliance"				7.4.3.100 Search vendor "Veritas" for product "Access Appliance" and version "7.4.3.100"		-		Affected
Veritas Search vendor "Veritas"		Access Appliance Search vendor "Veritas" for product "Access Appliance"				7.4.3.200 Search vendor "Veritas" for product "Access Appliance" and version "7.4.3.200"		-		Affected
Veritas Search vendor "Veritas"		Access Appliance Search vendor "Veritas" for product "Access Appliance"				7.4.3 Search vendor "Veritas" for product "Access Appliance" and version "7.4.3"		-		Affected
Veritas Search vendor "Veritas"		Access Appliance Search vendor "Veritas" for product "Access Appliance"				7.4.3.100 Search vendor "Veritas" for product "Access Appliance" and version "7.4.3.100"		-		Affected
Veritas Search vendor "Veritas"		Access Appliance Search vendor "Veritas" for product "Access Appliance"				7.4.3.200 Search vendor "Veritas" for product "Access Appliance" and version "7.4.3.200"		-		Affected
Veritas Search vendor "Veritas"		Flex Appliance Search vendor "Veritas" for product "Flex Appliance"				1.3 Search vendor "Veritas" for product "Flex Appliance" and version "1.3"		-		Affected
Veritas Search vendor "Veritas"		Flex Appliance Search vendor "Veritas" for product "Flex Appliance"				2.0 Search vendor "Veritas" for product "Flex Appliance" and version "2.0"		-		Affected
Veritas Search vendor "Veritas"		Flex Appliance Search vendor "Veritas" for product "Flex Appliance"				2.0.1 Search vendor "Veritas" for product "Flex Appliance" and version "2.0.1"		-		Affected
Veritas Search vendor "Veritas"		Flex Appliance Search vendor "Veritas" for product "Flex Appliance"				2.0.2 Search vendor "Veritas" for product "Flex Appliance" and version "2.0.2"		-		Affected
Veritas Search vendor "Veritas"		Flex Appliance Search vendor "Veritas" for product "Flex Appliance"				2.1 Search vendor "Veritas" for product "Flex Appliance" and version "2.1"		-		Affected
Veritas Search vendor "Veritas"		Netbackup Flex Scale Appliance Search vendor "Veritas" for product "Netbackup Flex Scale Appliance"				2.1 Search vendor "Veritas" for product "Netbackup Flex Scale Appliance" and version "2.1"		-		Affected
Veritas Search vendor "Veritas"		Netbackup Flex Scale Appliance Search vendor "Veritas" for product "Netbackup Flex Scale Appliance"				3.0 Search vendor "Veritas" for product "Netbackup Flex Scale Appliance" and version "3.0"		-		Affected
Veritas Search vendor "Veritas"		Netbackup Appliance Search vendor "Veritas" for product "Netbackup Appliance"				4.0 Search vendor "Veritas" for product "Netbackup Appliance" and version "4.0"		-		Affected
Veritas Search vendor "Veritas"		Netbackup Appliance Search vendor "Veritas" for product "Netbackup Appliance"				4.0.0.1 Search vendor "Veritas" for product "Netbackup Appliance" and version "4.0.0.1"		maintenance_release1		Affected
Veritas Search vendor "Veritas"		Netbackup Appliance Search vendor "Veritas" for product "Netbackup Appliance"				4.0.0.1 Search vendor "Veritas" for product "Netbackup Appliance" and version "4.0.0.1"		maintenance_release2		Affected
Veritas Search vendor "Veritas"		Netbackup Appliance Search vendor "Veritas" for product "Netbackup Appliance"				4.0.0.1 Search vendor "Veritas" for product "Netbackup Appliance" and version "4.0.0.1"		maintenance_release3		Affected
Veritas Search vendor "Veritas"		Netbackup Appliance Search vendor "Veritas" for product "Netbackup Appliance"				4.1 Search vendor "Veritas" for product "Netbackup Appliance" and version "4.1"		-		Affected
Veritas Search vendor "Veritas"		Netbackup Appliance Search vendor "Veritas" for product "Netbackup Appliance"				4.1.0.1 Search vendor "Veritas" for product "Netbackup Appliance" and version "4.1.0.1"		maintenance_release1		Affected
Veritas Search vendor "Veritas"		Netbackup Appliance Search vendor "Veritas" for product "Netbackup Appliance"				4.1.0.1 Search vendor "Veritas" for product "Netbackup Appliance" and version "4.1.0.1"		maintenance_release2		Affected
Veritas Search vendor "Veritas"		Netbackup Virtual Appliance Search vendor "Veritas" for product "Netbackup Virtual Appliance"				4.0 Search vendor "Veritas" for product "Netbackup Virtual Appliance" and version "4.0"		-		Affected
Veritas Search vendor "Veritas"		Netbackup Virtual Appliance Search vendor "Veritas" for product "Netbackup Virtual Appliance"				4.0.0.1 Search vendor "Veritas" for product "Netbackup Virtual Appliance" and version "4.0.0.1"		maintenance_release1		Affected
Veritas Search vendor "Veritas"		Netbackup Virtual Appliance Search vendor "Veritas" for product "Netbackup Virtual Appliance"				4.0.0.1 Search vendor "Veritas" for product "Netbackup Virtual Appliance" and version "4.0.0.1"		maintenance_release2		Affected
Veritas Search vendor "Veritas"		Netbackup Virtual Appliance Search vendor "Veritas" for product "Netbackup Virtual Appliance"				4.0.0.1 Search vendor "Veritas" for product "Netbackup Virtual Appliance" and version "4.0.0.1"		maintenance_release3		Affected
Veritas Search vendor "Veritas"		Netbackup Virtual Appliance Search vendor "Veritas" for product "Netbackup Virtual Appliance"				4.1 Search vendor "Veritas" for product "Netbackup Virtual Appliance" and version "4.1"		-		Affected
Veritas Search vendor "Veritas"		Netbackup Virtual Appliance Search vendor "Veritas" for product "Netbackup Virtual Appliance"				4.1.0.1 Search vendor "Veritas" for product "Netbackup Virtual Appliance" and version "4.1.0.1"		maintenance_release1		Affected
Veritas Search vendor "Veritas"		Netbackup Virtual Appliance Search vendor "Veritas" for product "Netbackup Virtual Appliance"				4.1.0.1 Search vendor "Veritas" for product "Netbackup Virtual Appliance" and version "4.1.0.1"		maintenance_release2		Affected
Siemens Search vendor "Siemens"		Operation Scheduler Search vendor "Siemens" for product "Operation Scheduler"				< 2.0.4 Search vendor "Siemens" for product "Operation Scheduler" and version " < 2.0.4"		-		Affected
Siemens Search vendor "Siemens"		Simatic Speech Assistant For Machines Search vendor "Siemens" for product "Simatic Speech Assistant For Machines"				< 1.2.1 Search vendor "Siemens" for product "Simatic Speech Assistant For Machines" and version " < 1.2.1"		-		Affected
Siemens Search vendor "Siemens"		Sinec Network Management System Search vendor "Siemens" for product "Sinec Network Management System"				< 1.0.3 Search vendor "Siemens" for product "Sinec Network Management System" and version " < 1.0.3"		-		Affected
Siemens Search vendor "Siemens"		Sipass Integrated Search vendor "Siemens" for product "Sipass Integrated"				2.80 Search vendor "Siemens" for product "Sipass Integrated" and version "2.80"		-		Affected
Siemens Search vendor "Siemens"		Sipass Integrated Search vendor "Siemens" for product "Sipass Integrated"				2.85 Search vendor "Siemens" for product "Sipass Integrated" and version "2.85"		-		Affected
Siemens Search vendor "Siemens"		Siveillance Identity Search vendor "Siemens" for product "Siveillance Identity"				1.5 Search vendor "Siemens" for product "Siveillance Identity" and version "1.5"		-		Affected
Siemens Search vendor "Siemens"		Siveillance Identity Search vendor "Siemens" for product "Siveillance Identity"				1.6 Search vendor "Siemens" for product "Siveillance Identity" and version "1.6"		-		Affected
Oracle Search vendor "Oracle"		Commerce Platform Search vendor "Oracle" for product "Commerce Platform"				11.3.2 Search vendor "Oracle" for product "Commerce Platform" and version "11.3.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Binding Support Function Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function"				22.1.3 Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "22.1.3"		-		Affected
Oracle Search vendor "Oracle"		Communications Unified Inventory Management Search vendor "Oracle" for product "Communications Unified Inventory Management"				7.4.1 Search vendor "Oracle" for product "Communications Unified Inventory Management" and version "7.4.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Unified Inventory Management Search vendor "Oracle" for product "Communications Unified Inventory Management"				7.4.2 Search vendor "Oracle" for product "Communications Unified Inventory Management" and version "7.4.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Unified Inventory Management Search vendor "Oracle" for product "Communications Unified Inventory Management"				7.5.0 Search vendor "Oracle" for product "Communications Unified Inventory Management" and version "7.5.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Bulk Data Integration Search vendor "Oracle" for product "Retail Bulk Data Integration"				16.0.3 Search vendor "Oracle" for product "Retail Bulk Data Integration" and version "16.0.3"		-		Affected
Oracle Search vendor "Oracle"		Retail Customer Management And Segmentation Foundation Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation"				17.0 Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "17.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Customer Management And Segmentation Foundation Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation"				18.0 Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "18.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Customer Management And Segmentation Foundation Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation"				19.0 Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "19.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Financial Integration Search vendor "Oracle" for product "Retail Financial Integration"				14.1.3.2 Search vendor "Oracle" for product "Retail Financial Integration" and version "14.1.3.2"		-		Affected
Oracle Search vendor "Oracle"		Retail Financial Integration Search vendor "Oracle" for product "Retail Financial Integration"				15.0.3.1 Search vendor "Oracle" for product "Retail Financial Integration" and version "15.0.3.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Financial Integration Search vendor "Oracle" for product "Retail Financial Integration"				16.0.3 Search vendor "Oracle" for product "Retail Financial Integration" and version "16.0.3"		-		Affected
Oracle Search vendor "Oracle"		Retail Financial Integration Search vendor "Oracle" for product "Retail Financial Integration"				19.0.1 Search vendor "Oracle" for product "Retail Financial Integration" and version "19.0.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Integration Bus Search vendor "Oracle" for product "Retail Integration Bus"				14.1.3.2 Search vendor "Oracle" for product "Retail Integration Bus" and version "14.1.3.2"		-		Affected
Oracle Search vendor "Oracle"		Retail Integration Bus Search vendor "Oracle" for product "Retail Integration Bus"				15.0.3.1 Search vendor "Oracle" for product "Retail Integration Bus" and version "15.0.3.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Integration Bus Search vendor "Oracle" for product "Retail Integration Bus"				16.0.3 Search vendor "Oracle" for product "Retail Integration Bus" and version "16.0.3"		-		Affected
Oracle Search vendor "Oracle"		Retail Integration Bus Search vendor "Oracle" for product "Retail Integration Bus"				19.0.1 Search vendor "Oracle" for product "Retail Integration Bus" and version "19.0.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Merchandising System Search vendor "Oracle" for product "Retail Merchandising System"				16.0.3 Search vendor "Oracle" for product "Retail Merchandising System" and version "16.0.3"		-		Affected
Oracle Search vendor "Oracle"		Retail Merchandising System Search vendor "Oracle" for product "Retail Merchandising System"				19.0.1 Search vendor "Oracle" for product "Retail Merchandising System" and version "19.0.1"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				12.2.1.3.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				12.2.1.4.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.4.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				14.1.1.0.0 Search vendor "Oracle" for product "Weblogic Server" and version "14.1.1.0.0"		-		Affected