An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory.

  - Vulnerability in the Oracle Database component of Oracle Database Server.  Supported versions that     are affected are 19.3-19.27 and  23.4-23.8. Easily exploitable vulnerability allows low privileged     attacker having Create Session, Create Procedure privilege with network access via Oracle Net to     compromise Oracle Database.  Successful attacks of this vulnerability can result in takeover of Oracle     Database. (CVE-2025-30751)

  - Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected     are 19.3-19.27 and  21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having     Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.
    While the vulnerability is in Java VM, attacks may significantly impact additional products (scope change).
    Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete     access to all Java VM accessible data. (CVE-2025-50069)

  - Vulnerability in the Oracle Text (FreeType) component of Oracle Database Server.  Supported versions     that are affected are 19.3-19.27, 21.3-21.18 and  23.4-23.8. Difficult to exploit vulnerability allows     low privileged attacker having Create Session, Create Index privilege with network access via Oracle Net     to compromise Oracle Text (FreeType).  Successful attacks of this vulnerability can result in takeover     of Oracle Text (FreeType). (CVE-2025-27363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that     contains a self-reference in one of its elements. This leads to a StackOverflowError exception being     thrown. (CVE-2023-1436)

Note that Nessus relies on the presence of the package as reported by the vendor.

The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the January 2024 CPU advisory.

  - Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (Jettison)). Supported     versions that are affected are Prior to 23.8. Easily exploitable vulnerability allows unauthenticated     attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel     CRM. (CVE-2023-1436)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: BI FNDN (Apache XMLBeans)). The supported version that is affected is 12.2.1.4.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise     Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash     (complete DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2021-23926)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Storage Service Integration (Nimbus JOSE+JWT)). The supported version that is affected is     12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2023-52428)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0     and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via     HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker and while the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to s     ome of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access     to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2024-21139)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3622 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a     software project or jobs run by cron.

    Security Fix(es):

    * maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

    * json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)     (CVE-2023-1370)

    * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)

    * Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)

    * Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    * springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)

    * Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

    * Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3663 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a     software project or jobs run by cron.

    Security Fix(es):

    * xstream: Denial of Service by injecting recursive collections or maps based on element's hash values     raising a stack overflow (CVE-2022-41966)

    * json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)     (CVE-2023-1370)

    * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)

    * log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)

    * Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)

    * Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)

    * jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)

    * http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)

    * springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)

    * jettison: parser crash by stackoverflow (CVE-2022-40149)

    * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

    * jackson-databind: use of deeply nested arrays (CVE-2022-42004)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    * jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline     Utility Steps Plugin (CVE-2023-32981)

    * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)

    * Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

    * Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 13.5.0.0 version of Enterprise Manager Base Platform product of Oracle Enterprise Manager installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory:

  - Vulnerability in the Agent Next Gen (jackson-databind) and Extensibility Framework (jackson-databind)   components of Enterprise Manager Base Platform. Easily exploitable vulnerability allows an unauthenticated   attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful   attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable   crash (complete DOS) of Oracle Enterprise Manager Base Platform. (CVE-2022-42003)

  - Vulnerability in the Agent Next Gen (Jettison) component of Enterprise Manager Base Platform. Easily   exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise   Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized   ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base   Platform. (CVE-2023-1436)

  - Vulnerability in the Log Management component of Enterprise Manager Base Platform. Difficult to exploit   vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle   Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the   attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may   significantly impact additional products (scope change). Successful attacks of this vulnerability can result   in  unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform   accessible data as well as  unauthorized update, insert or delete access to some of Oracle Enterprise   Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial   DOS) of Oracle Enterprise Manager Base Platform. (CVE-2024-20917)   Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 12.4.0.0 version of Enterprise Manager Ops Center installed on the remote host is affected by a vulnerability as referenced in the January 2024 CPU advisory. The vulnerability lies in the Networking (Jettison)) component of Enterprise Manager Ops Center. It is an easily exploitable vulnerability that allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Ops Center.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Identity Manager installed on the remote host is missing a security patch and is, therefore affected by multiple vulnerabilities as referenced in the October 2023 Critical Patch Update(CPU) advisory.

  - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party     (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager.     Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently     repeatable crash (complete DOS) of Oracle Identity Manager. (CVE-2023-1436)

  - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party     (Apache Commons BeanUtils)). The supported version that is affected is 12.2.1.4.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity     Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete     access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset     of Oracle Identity Manager accessible data and unauthorized ability to cause a partial denial of service     (partial DOS) of Oracle Identity Manager. (CVE-2019-10086)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4920 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On     7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4918 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On     7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4919 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On     7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4506 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4507 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4505 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.11 and includes     bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for     information about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 6.4.0.0.0 and 7.0.0.0 installed on the remote host are affected by a vulnerability as referenced in the July 2023 CPU advisory. 

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0,     7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network     access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of     this vulnerability can result in unauthorized creation, deletion or modification access to critical data     or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to     critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.
    (CVE-2018-1282)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     Oracle Business Intelligence Enterprise Edition. (CVE-2022-33980)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and     7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human     interaction from a person other than the attacker and while the vulnerability is in Oracle Business     Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read     access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2023-28439)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the July 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including:

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized     Third Party Jars (Jettison)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2023-1436)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).     Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability     allows high privileged attacker with network access via multiple protocols to compromise Oracle WebLogic     Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or     modification access to critical data or all Oracle WebLogic Server accessible data and unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.     (CVE-2023-22040)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized     Thirdparty Jars (NekoHTML)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle     WebLogic Server. (CVE-2023-26119)

  Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6179-1 advisory.

    It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were     tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to     cause a denial of service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of jettison installed on the remote host is prior to 1.3.3-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2053 advisory.

    An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that     contains a self-reference in one of its elements. This leads to a StackOverflowError exception being     thrown. (CVE-2023-1436)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:1948-1 advisory.

  - An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that     contains a self-reference in one of its elements. This leads to a StackOverflowError exception being     thrown. (CVE-2023-1436)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
242296	Oracle Database Server (July 2025 CPU)	Nessus	Databases	critical
225983	Linux Distros Unpatched Vulnerability : CVE-2023-1436	Nessus	Misc.	high
212446	Oracle Siebel Server <= 23.7 (January 2024 CPU)	Nessus	Misc.	high
202908	Oracle Business Intelligence Enterprise Edition (July 2024 CPU)	Nessus	Misc.	critical
194300	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3622)	Nessus	Red Hat Local Security Checks	critical
194242	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3663)	Nessus	Red Hat Local Security Checks	critical
189242	Oracle Enterprise Manager Cloud Control (January 2024 CPU)	Nessus	Misc.	medium
189241	Oracle Enterprise Manager Ops Center (January 2024 CPU)	Nessus	Misc.	high
183511	Oracle Identity Manager (October 2023 CPU)	Nessus	Misc.	high
180419	RHEL 9 : Red Hat Single Sign-On 7.6.5 security update on RHEL 9 (Important) (RHSA-2023:4920)	Nessus	Red Hat Local Security Checks	high
180418	RHEL 7 : Red Hat Single Sign-On 7.6.5 security update on RHEL 7 (Important) (RHSA-2023:4918)	Nessus	Red Hat Local Security Checks	high
180417	RHEL 8 : Red Hat Single Sign-On 7.6.5 security update on RHEL 8 (Important) (RHSA-2023:4919)	Nessus	Red Hat Local Security Checks	high
179411	RHEL 8 : Red Hat JBoss Enterprise Application Platform (RHSA-2023:4506)	Nessus	Red Hat Local Security Checks	high
179410	RHEL 9 : Red Hat JBoss Enterprise Application Platform (RHSA-2023:4507)	Nessus	Red Hat Local Security Checks	high
179409	RHEL 7 : Red Hat JBoss Enterprise Application Platform (RHSA-2023:4505)	Nessus	Red Hat Local Security Checks	high
178710	Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)	Nessus	Misc.	critical
178618	Oracle WebLogic Server (July 2023 CPU)	Nessus	Misc.	critical
177454	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 : Jettison vulnerability (USN-6179-1)	Nessus	Ubuntu Local Security Checks	high
176701	Amazon Linux 2 : jettison (ALAS-2023-2053)	Nessus	Amazon Linux Local Security Checks	high
174686	openSUSE 15 Security Update : jettison (SUSE-SU-2023:1948-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2023-1436

high

Tenable Plugins

critical

high

high

critical

critical

critical

medium

high

high

high

high

high

high

high

high

critical

critical

high

high

high