Lucene search
K

Oracle Business Process Management Suite (12.2.1.4.0) (April 2026 CPU)

🗓️ 24 Apr 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

BPM Suite 12.2.1.4.0 vulnerable to CVE 2025 52999 in Document Service; unauthenticated HTTP access may cause denial of service.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge
7 Apr 202620:13
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2025-52999
14 Nov 202506:53
ibm
IBM Security Bulletins
Security Bulletin: IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities
9 Feb 202615:27
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in jackson-core and UUID might affect IBM Storage Defender Copy Data Management
26 Jun 202617:03
ibm
IBM Security Bulletins
Security Bulletin: vulerability in IBM Spectrum Symphony with jackson-core
23 Oct 202520:29
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (July 2025)
18 Jul 202501:58
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in jackson-core affects IBM Cloud Pak System[CVE-2025-52999]
28 Jul 202515:35
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2025.
23 Sep 202521:02
ibm
IBM Security Bulletins
Security Bulletin: Rational Performance Tester contains vulnerabilities which could result in a potential denial of service
2 Jan 202617:56
ibm
IBM Security Bulletins
Security Bulletin: Jackson-Core Prior to 2.15.0 Due to Unbounded Nesting in JSON Input
23 Jul 202510:41
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(310113);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/27");

  script_cve_id("CVE-2025-52999");

  script_name(english:"Oracle Business Process Management Suite (12.2.1.4.0) (April 2026 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability,
as referenced in the April 2026 CPU advisory:

  - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware
    (component: Document Service (jackson-core)). The supported version that is affected is 12.2.1.4.0.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
    compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle
    Business Process Management Suite. (CVE-2025-52999)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuapr2026csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2026.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2026 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-52999");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:business_process_management_suite");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_bpm_installed.nbin");
  script_require_keys("installed_sw/Oracle Business Process Manager");

  exit(0);
}

include('vcf.inc');
var app_info = vcf::get_app_info(app:'Oracle Business Process Manager');

var constraints = [
  { 'min_version':'12.2.1.4.0', 'fixed_version' : '12.2.1.4.260416' }
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Apr 2026 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 48.7
EPSS0.00634
SSVC
4