Search criteria
27 vulnerabilities found for SiPass integrated by Siemens
VAR-202112-0566
Vulnerability from variot - Updated: 2025-12-22 22:38Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected.
This update also fixes CVE-2020-9488 in the oldstable distribution (buster). Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
For the oldstable distribution (buster), this problem has been fixed in version 2.15.0-1~deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 2.15.0-1~deb11u1.
We recommend that you upgrade your apache-log4j2 packages.
For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG0+YVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQvXA/+LIMVC0X80Qc6No564VodtTN3Ci0NyaUcQyZG8Gyo2tPuwKEpOUpmom7f wcZvQgKvwxs3Ad1M5Zt/6Ql3v0KbwzBah0v8KUV86B6g4yb+Wno7iKQR1mN47bpz 2SJPzf6IECwtmz3zYI3fLuJJ/dvAMRlQ+nhPsC8/zJGJgfFHFmDyfG8TtlrYLUHS Pjpov4C/VllQGJ5MjyVF93OqTCy4V7WxH/RgT1YBOs71KNCq5yPoch35geytSQoM Kk59qFLQgST2kYhLVxRRbdQAAhbA7W5XythKqphon6nRmlJPHSGkXMf9s0N3cm6K Zkmvo2/A29FiceZj/bSM4/qw7gqbsJfpSMcTKmxhReolsXAJVj4mGu9cZZTAP7Tb g8fl8kGljFd01ka0208eFyILHCR2bAF2xgS1nG6TCc170azDkvW38fZHHkLQIPbF TOwxoNv8dHgyT6pfI+BDYKy9pNvrLk/jqXkOpry6nY+Ji/RcjGBDIR3VP25VsMk8 6zwERE1LX0IvwiaSFBg6oyWW4siINZzFyVXryLvRr/YBIAYKGv+Y1Wn8ageACItW 2SZjLbK4uBTOHyvPITBgOZSYD7kYcTPxdbb8ntw7Uo489hYXzjYlloTBoUPg1G3o gyZnRfW0yYf2bA63I7vVBDTITt8K4H1UkUDEOIUjXGekFLqDnGw= =BY2+ -----END PGP SIGNATURE----- . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
- Bugs fixed (https://bugzilla.redhat.com/):
1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties 1802531 - CVE-2019-12415 poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists 1901304 - CVE-2020-27782 undertow: special character in query results in server errors 1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1922102 - CVE-2021-23926 xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack 1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure 1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1933808 - CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1939839 - CVE-2021-27568 json-smart: uncaught exception may lead to crash or information disclosure 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents 1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF 1946341 - CVE-2021-22696 cxf: OAuth 2 authorization service vulnerable to DDos attacks 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library 1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate 1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS 1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory 1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter 1974854 - CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application 1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981527 - CVE-2021-30129 mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server 1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS 1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1775 - [release-5.2] Syslog output is serializing json incorrectly LOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing LOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1] LOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4 security update Advisory ID: RHSA-2021:5140-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:5140 Issue date: 2021-12-15 CVE Names: CVE-2021-44228 ==================================================================== 1. Summary:
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
- log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- References:
https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4 https://access.redhat.com/solutions/6577421 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYbmdF9zjgjWX9erEAQg7Bg//QTWXVl6Au/rNu96FO/u13bKZFX6Rj1Ev 6q++z9GpMumsxMxpXAkNGLk8rsB23XXC0gnOJjP8u0cZ+qN9l+Z1KG25bvJywm8t VrRcwsxlvxzOODp8ongvkJ20rARAHEyMtSjTy/NkSNiZUBHWTqw0u7LDwaaO+r8T fEmRC3t4GJ1gUiqjMeLWjpi7bvl4GcXDHD+Jbf4a10PHYZAC5I0Oh4j/DJYH31CT cbKOd4CCiuERnbR1Y/ZCWNxpgonwCD12Q+bXbmTc+/oGW0zmqI5OwXgy2w56yCdy EYXUfPK2e0EoFCcQxa4yC2YmRS6VRix1KYLy5XKaHFaV4RRqkbsL2yDCr4/EUeRy a7jeJK7wcbpbR0iKijQJuF00+pqpOmBn5sqV5P+IUyD7Iwt6C5OqsRinLS6OWP7D 85iS55Vf7bY8ZLvz8x7v3IsFx6vuLV6YD8S504oKrX5aQI/pUYz9XVH7hMAlhFdB wlETMdxdk6oiEpPwi9/DBse0/aFGLuXW9vDD5X6BzW9ZZs+cpyJGtWH6ep5lVear Fi4N7Easy+iT/K8g9tJOiTy9O2SIr5S2AJvmu7j9YqXtm2qOPuY8U8FjaXXFVDgF maPElBFrg9V46XaBp1IQXH3UZ6869nP9XMt2kh8rCm3zHbA6R5kzaXW93hbzKJcl abX8PaJHiOs=v55Q -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-5192-2 December 17, 2021
apache-log4j2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Apache Log4j 2 could be made to crash or run programs as an administrator if it received a specially crafted input. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: liblog4j2-java 2.4-2ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes. Solution:
See the following documentation, which will be updated shortly for release 3.11.z, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
This update is available via the Red Hat Network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0566",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1g\\)"
},
{
"model": "cloud connect",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"model": "nexus insights",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.2"
},
{
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6"
},
{
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.0"
},
{
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.001\\)"
},
{
"model": "mindsphere",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-16"
},
{
"model": "cloudcenter workload manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.2"
},
{
"model": "optical network controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "snow commander",
"scope": "lt",
"trust": 1.0,
"vendor": "snowsoftware",
"version": "8.10.0"
},
{
"model": "xpedition enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5"
},
{
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.000.044"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "007.003.000"
},
{
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1"
},
{
"model": "email security",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.13"
},
{
"model": "iot operations dashboard",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "006.005.000.000"
},
{
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "9.0"
},
{
"model": "unified contact center express",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "siguard dsa",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.3.4"
},
{
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"model": "enterprise chat and email",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(3\\)"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1k\\)"
},
{
"model": "secure device onboard",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "prime service catalog",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "data center network manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1f\\)"
},
{
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"model": "ontap tools",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "dna center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.3.0"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "008.000.000"
},
{
"model": "system studio",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.2"
},
{
"model": "solidfire enterprise sds",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6.2.1"
},
{
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(2\\)"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.000\\(001\\)"
},
{
"model": "business process automation",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.000.000"
},
{
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5"
},
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(1.26\\)"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "dna spaces connector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "6bk1602-0aa22-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "energy engage",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "operation scheduler",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.3"
},
{
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "sppa-t3000 ses3000",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5\\(1\\)"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"model": "packaged contact center enterprise",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"model": "network assurance engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2.1912\\)"
},
{
"model": "oneapi sample browser",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "siveillance command",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.16.2.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6"
},
{
"model": "unified communications manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.002\\(001\\)"
},
{
"model": "unified intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "log4j",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"model": "opcenter intelligence",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.5"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "crosswork data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"model": "cyber vision sensor management extension",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3"
},
{
"model": "synchro",
"scope": "lt",
"trust": 1.0,
"vendor": "bentley",
"version": "6.2.4.2"
},
{
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "synchro 4d",
"scope": "lt",
"trust": 1.0,
"vendor": "bentley",
"version": "6.4.3.2"
},
{
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.3"
},
{
"model": "solid edge harness design",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"model": "finesse",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "unity connection",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1\\(1\\)"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"model": "workload optimization manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.2\\(1\\)"
},
{
"model": "unified communications manager im \\\u0026 presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.22900.6\\)"
},
{
"model": "crosswork zero touch provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"model": "crosswork platform infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0"
},
{
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4.2.1"
},
{
"model": "ucs central",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1p\\)"
},
{
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10\\(0.15\\)"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1e\\)"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1c\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.21900.40\\)"
},
{
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3\\(1\\)"
},
{
"model": "unified contact center enterprise",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(2\\)"
},
{
"model": "capital",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1\\(1\\)"
},
{
"model": "nx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "opcenter intelligence",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "dna spaces\\: connector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5"
},
{
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.3.4.1"
},
{
"model": "unified customer voice portal",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.10000.6\\)"
},
{
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "dna center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.8"
},
{
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6.1"
},
{
"model": "network services orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.18900.97\\)"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.002\\)"
},
{
"model": "unified communications manager im \\\u0026 presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.000\\)"
},
{
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0\\(1\\)"
},
{
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.000.009"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "007.003.001.001"
},
{
"model": "virtualized infrastructure manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4.4"
},
{
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5"
},
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(2.26\\)"
},
{
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.000.115"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "solid edge cam pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1b\\)"
},
{
"model": "virtualized infrastructure manager",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4.0"
},
{
"model": "unified communications manager im and presence service",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "spectrum power 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.30"
},
{
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "gma-manager",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.6.2j-398"
},
{
"model": "unified workforce optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "virtual topology system",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6.7"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "integrated management controller supervisor",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.2.0"
},
{
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "006.005.000."
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.004\\(000.914\\)"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1h\\)"
},
{
"model": "contact center domain manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "intersight virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.9-343"
},
{
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6"
},
{
"model": "virtualized voice browser",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "unified contact center management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4\\(1\\)"
},
{
"model": "fog director",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "identity services engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.4.0"
},
{
"model": "vesys",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "common services platform collector",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.10.0"
},
{
"model": "optical network controller",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0"
},
{
"model": "teamcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.18119.2\\)"
},
{
"model": "head-end system universal device integration system",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4.65000.14\\)"
},
{
"model": "e-car operation center",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"model": "automated subsea tuning",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "02.01.00"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "008.000.000.000.004"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.17900.52\\)"
},
{
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "network insights for data center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2.1914\\)"
},
{
"model": "contact center management portal",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "genomics kernel library",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.002\\(000.116\\)"
},
{
"model": "6bk1602-0aa12-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "logo\\! soft comfort",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "cloudcenter",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10.0.16"
},
{
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0\\(1\\)"
},
{
"model": "dna center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.0"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5\\(1\\)"
},
{
"model": "sentron powermanager",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(2\\)"
},
{
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.8"
},
{
"model": "energyip prepay",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.8.0.12"
},
{
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3"
},
{
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.22900.28\\)"
},
{
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(4.018\\)"
},
{
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.2"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1a\\)"
},
{
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "dna spaces",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.3"
},
{
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.1"
},
{
"model": "cloud secure agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3\\(0\\)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5\\(0\\)"
},
{
"model": "cloudcenter cost optimizer",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.2"
},
{
"model": "spectrum power 4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.70"
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6.3.1"
},
{
"model": "rhythmyx",
"scope": "lte",
"trust": 1.0,
"vendor": "percussion",
"version": "7.3.2"
},
{
"model": "siguard dsa",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.1"
},
{
"model": "desigo cc info center",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "wan automation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3.0.2"
},
{
"model": "unified communications manager im and presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0"
},
{
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.4\\(1\\)"
},
{
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)su3"
},
{
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(1\\)"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7"
},
{
"model": "automated subsea tuning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.0"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.4"
},
{
"model": "industrial edge management hub",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "finesse",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.15.0"
},
{
"model": "webex meetings server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "007.000.001"
},
{
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.6"
},
{
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.5"
},
{
"model": "crosswork network controller",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.4.0"
},
{
"model": "spectrum power 4",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.70"
},
{
"model": "industrial edge management",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.8"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "007.003.003"
},
{
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "crosswork platform infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5.1.1"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1d\\)"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4.66000.14\\)"
},
{
"model": "advanced malware protection virtual private cloud appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5.4"
},
{
"model": "prime service catalog",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "data center network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"model": "mendix",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "video surveillance operations manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14.4"
},
{
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(3.025\\)"
},
{
"model": "siveillance viewpoint",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "common services platform collector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.1.3"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.001\\(000.518\\)"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.001\\)"
},
{
"model": "solidfire \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "spectrum power 7",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.30"
},
{
"model": "cloud insights",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.4.1"
},
{
"model": "common services platform collector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.10.0.1"
},
{
"model": "broadworks",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2021.11_1.162"
},
{
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020.1"
},
{
"model": "business process automation",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.000.000"
},
{
"model": "capital",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"model": "unified sip proxy",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.2.1v2"
},
{
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.2"
},
{
"model": "emergency responder",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4\\)"
},
{
"model": "network assurance engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.2"
},
{
"model": "cyber vision",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1l\\)"
},
{
"model": "6bk1602-0aa42-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.13.0"
},
{
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.4\\(1\\)"
},
{
"model": "comos",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "10.4.2"
},
{
"model": "siveillance vantage",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "virtual topology system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6.6"
},
{
"model": "crosswork network controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "cx cloud agent",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "001.012"
},
{
"model": "nexus dashboard",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.2"
},
{
"model": "connected mobile experiences",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "crosswork zero touch provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4.5.2"
},
{
"model": "siveillance control pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "computer vision annotation tool",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "virtualized infrastructure manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.0"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.000\\(000\\)"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2021.1"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "intersight virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.9-361"
},
{
"model": "crosswork optimization engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.2.8"
},
{
"model": "6bk1602-0aa52-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "integrated management controller supervisor",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.003\\(002.000\\)"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "006.004.000.003"
},
{
"model": "paging server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "14.4.1"
},
{
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.0"
},
{
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.000\\)"
},
{
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4"
},
{
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "21.3"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "006.008\\(001.000\\)"
},
{
"model": "unified workforce optimization",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "vm access proxy",
"scope": "lt",
"trust": 1.0,
"vendor": "snowsoftware",
"version": "3.6"
},
{
"model": "crosswork optimization engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"model": "packaged contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(1\\)"
},
{
"model": "cyber vision sensor management extension",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.000\\(000.458\\)"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(2\\)"
},
{
"model": "broadworks",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "desigo cc info center",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.2"
},
{
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "007.002.000"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3"
},
{
"model": "integrated management controller supervisor",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.2.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "synchro",
"scope": "gte",
"trust": 1.0,
"vendor": "bentley",
"version": "6.1"
},
{
"model": "brocade san navigator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.3"
},
{
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.3"
},
{
"model": "ucs director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.8.2.0"
},
{
"model": "sentron powermanager",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "evolved programmable network manager",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1"
},
{
"model": "cloudcenter suite admin",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.1"
},
{
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.7"
},
{
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0\\(2\\)"
},
{
"model": "navigator",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"model": "datacenter manager",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "5.1"
},
{
"model": "connected analytics for network deployment",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "007.001.000"
},
{
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5"
},
{
"model": "xpedition package integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "solid edge harness design",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"model": "finesse",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.002\\(000\\)"
},
{
"model": "6bk1602-0aa32-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "customer experience cloud agent",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.12.1"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.010\\(000.000\\)"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.006\\(000.156\\)"
},
{
"model": "smart phy",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.007\\(000.356\\)"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.002\\)"
},
{
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.5"
},
{
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.5.1"
},
{
"model": "mobility services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
}
],
"trust": 0.8
},
"cve": "CVE-2021-44228",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-44228",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-407408",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-408570",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44228",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44228",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-44228",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-799",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-407408",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408570",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-799"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. \n\nThis update also fixes CVE-2020-9488 in the oldstable distribution\n(buster). Improper validation of certificate with host mismatch in Apache Log4j\nSMTP appender. This could allow an SMTPS connection to be intercepted by a\nman-in-the-middle attack which could leak any log messages sent through that\nappender. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.15.0-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.15.0-1~deb11u1. \n\nWe recommend that you upgrade your apache-log4j2 packages. \n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG0+YVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeQvXA/+LIMVC0X80Qc6No564VodtTN3Ci0NyaUcQyZG8Gyo2tPuwKEpOUpmom7f\nwcZvQgKvwxs3Ad1M5Zt/6Ql3v0KbwzBah0v8KUV86B6g4yb+Wno7iKQR1mN47bpz\n2SJPzf6IECwtmz3zYI3fLuJJ/dvAMRlQ+nhPsC8/zJGJgfFHFmDyfG8TtlrYLUHS\nPjpov4C/VllQGJ5MjyVF93OqTCy4V7WxH/RgT1YBOs71KNCq5yPoch35geytSQoM\nKk59qFLQgST2kYhLVxRRbdQAAhbA7W5XythKqphon6nRmlJPHSGkXMf9s0N3cm6K\nZkmvo2/A29FiceZj/bSM4/qw7gqbsJfpSMcTKmxhReolsXAJVj4mGu9cZZTAP7Tb\ng8fl8kGljFd01ka0208eFyILHCR2bAF2xgS1nG6TCc170azDkvW38fZHHkLQIPbF\nTOwxoNv8dHgyT6pfI+BDYKy9pNvrLk/jqXkOpry6nY+Ji/RcjGBDIR3VP25VsMk8\n6zwERE1LX0IvwiaSFBg6oyWW4siINZzFyVXryLvRr/YBIAYKGv+Y1Wn8ageACItW\n2SZjLbK4uBTOHyvPITBgOZSYD7kYcTPxdbb8ntw7Uo489hYXzjYlloTBoUPg1G3o\ngyZnRfW0yYf2bA63I7vVBDTITt8K4H1UkUDEOIUjXGekFLqDnGw=\n=BY2+\n-----END PGP SIGNATURE-----\n. The purpose of this text-only errata is to inform you about the\nsecurity issues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties\n1802531 - CVE-2019-12415 poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up\n1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists\n1901304 - CVE-2020-27782 undertow: special character in query results in server errors\n1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation\n1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up\n1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client\n1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling\n1922102 - CVE-2021-23926 xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack\n1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure\n1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise\n1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory\n1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads\n1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception\n1933808 - CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel\n1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser\n1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS\n1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation\n1939839 - CVE-2021-27568 json-smart: uncaught exception may lead to crash or information disclosure\n1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream\n1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream\n1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream\n1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet\n1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry\n1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue\n1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator\n1942633 - CVE-2021-21348 XStream: ReDoS vulnerability\n1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host\n1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader\n1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents\n1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF\n1946341 - CVE-2021-22696 cxf: OAuth 2 authorization service vulnerable to DDos attacks\n1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode\n1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6\n1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library\n1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate\n1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS\n1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory\n1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter\n1974854 - CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application\n1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout\n1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS\n1981527 - CVE-2021-30129 mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server\n1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS\n1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1775 - [release-5.2] Syslog output is serializing json incorrectly\nLOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing\nLOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1]\nLOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4 security update\nAdvisory ID: RHSA-2021:5140-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:5140\nIssue date: 2021-12-15\nCVE Names: CVE-2021-44228\n====================================================================\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise\nApplication Platform 7.4. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n3. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44228\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4\nhttps://access.redhat.com/solutions/6577421\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYbmdF9zjgjWX9erEAQg7Bg//QTWXVl6Au/rNu96FO/u13bKZFX6Rj1Ev\n6q++z9GpMumsxMxpXAkNGLk8rsB23XXC0gnOJjP8u0cZ+qN9l+Z1KG25bvJywm8t\nVrRcwsxlvxzOODp8ongvkJ20rARAHEyMtSjTy/NkSNiZUBHWTqw0u7LDwaaO+r8T\nfEmRC3t4GJ1gUiqjMeLWjpi7bvl4GcXDHD+Jbf4a10PHYZAC5I0Oh4j/DJYH31CT\ncbKOd4CCiuERnbR1Y/ZCWNxpgonwCD12Q+bXbmTc+/oGW0zmqI5OwXgy2w56yCdy\nEYXUfPK2e0EoFCcQxa4yC2YmRS6VRix1KYLy5XKaHFaV4RRqkbsL2yDCr4/EUeRy\na7jeJK7wcbpbR0iKijQJuF00+pqpOmBn5sqV5P+IUyD7Iwt6C5OqsRinLS6OWP7D\n85iS55Vf7bY8ZLvz8x7v3IsFx6vuLV6YD8S504oKrX5aQI/pUYz9XVH7hMAlhFdB\nwlETMdxdk6oiEpPwi9/DBse0/aFGLuXW9vDD5X6BzW9ZZs+cpyJGtWH6ep5lVear\nFi4N7Easy+iT/K8g9tJOiTy9O2SIr5S2AJvmu7j9YqXtm2qOPuY8U8FjaXXFVDgF\nmaPElBFrg9V46XaBp1IQXH3UZ6869nP9XMt2kh8rCm3zHbA6R5kzaXW93hbzKJcl\nabX8PaJHiOs=v55Q\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-5192-2\nDecember 17, 2021\n\napache-log4j2 vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nApache Log4j 2 could be made to crash or run programs as an administrator\nif it received a specially crafted input. This update provides\nthe corresponding update for Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run\n programs via a special crafted input. An attacker could use this vulnerability\n to cause a denial of service or possibly execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n liblog4j2-java 2.4-2ubuntu0.1~esm1\n\nIn general, a standard system update will make all the necessary changes. Solution:\n\nSee the following documentation, which will be updated shortly for release\n3.11.z, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44228"
},
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "PACKETSTORM",
"id": "169172"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165289"
},
{
"db": "PACKETSTORM",
"id": "165298"
},
{
"db": "PACKETSTORM",
"id": "165324"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165348"
},
{
"db": "PACKETSTORM",
"id": "165264"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-407408",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44228",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#930724",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-479842",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-714170",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-661247",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-397453",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/14/4",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/15/3",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "165311",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165225",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165532",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165281",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165306",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165260",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165673",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165282",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165371",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "167794",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "167917",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165270",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165261",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165642",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165307",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/13/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/13/2",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/2",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/1",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "171626",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "165324",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165348",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165733",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166313",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165279",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "50592",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022060708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012045",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010629",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021428",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071316",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062001",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122212",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010908",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122403",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121720",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021123016",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010421",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031501",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122907",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121652",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121492",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010522",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121201",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121535",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122721",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032006",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060808",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122401",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121350",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030923",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022020607",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012439",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011042",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021807",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010322",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122122",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0090",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0492",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4211",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4187.6",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0237",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4236",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0332",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0080",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4186.4",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4269",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4198",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4316",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4274",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0247",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1188",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4302.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4256.2",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022120027",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2021120069",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022080025",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022010065",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-76573",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-357-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-034-01",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "51183",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-799",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165329",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "165343",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165333",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165298",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165326",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165289",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165264",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165632",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165520",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165295",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165285",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165290",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165291",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165297",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "50590",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-407408",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165649",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165645",
"trust": 0.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/18/1",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-01776",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408570",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165287",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "PACKETSTORM",
"id": "169172"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165289"
},
{
"db": "PACKETSTORM",
"id": "165298"
},
{
"db": "PACKETSTORM",
"id": "165324"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165348"
},
{
"db": "PACKETSTORM",
"id": "165264"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-799"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"id": "VAR-202112-0566",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
}
],
"trust": 0.81917748
},
"last_update_date": "2025-12-22T22:38:09.163000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apache Log4j Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=174249"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.2
},
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-917",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html"
},
{
"trust": 1.8,
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"trust": 1.8,
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213189"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/mar/23"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/jul/11"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/dec/2"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html"
},
{
"trust": 1.7,
"url": "https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228"
},
{
"trust": 1.7,
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/165282/log4j-payload-generator.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html"
},
{
"trust": 1.7,
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md"
},
{
"trust": 1.7,
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"trust": 1.7,
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"trust": 1.7,
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 1.1,
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-44228"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
},
{
"trust": 0.8,
"url": "cve-2021-4104 "
},
{
"trust": 0.8,
"url": "cve-2021-44228 "
},
{
"trust": 0.8,
"url": "cve-2021-45046 "
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010908"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060808"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010629"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072076"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165733/red-hat-security-advisory-2022-0296-03.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6527216"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4316"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0080"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-44228"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528268"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122212"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012732"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121201"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50592"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022080025"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011042"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121720"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122018"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0237"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122811"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022010065"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122401"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011732"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021807"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165324/ubuntu-security-notice-usn-5197-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021123016"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121350"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4211"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122122"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062001"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122403"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122721"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010522"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010322"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022120027"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525816"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122907"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060708"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/51183"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021428"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6526220"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-log4j-code-execution-via-jndi-remote-class-injection-37049"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4269"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213189"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012439"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022020607"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4256.2"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071316"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032006"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0332"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030923"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1188"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0492"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6526754"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021120069"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0090"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4236"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121652"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6527330"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4198"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121492"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031501"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165279/ubuntu-security-notice-usn-5192-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165348/ubuntu-security-notice-usn-5192-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4274"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-76573"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012045"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121535"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010421"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0247"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/2021/dsa-5022"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/"
},
{
"trust": 0.1,
"url": "https://www.cve.org/cverecord?id=cve-2021-44228"
},
{
"trust": 0.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache-log4j2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28164"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21350"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21349"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11987"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34428"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27223"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29425"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11987"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5134"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11988"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22118"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24504"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36158"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20284"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26140"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3487"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23133"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36312"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24588"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29660"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3600"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26147"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31829"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5140"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/6577421"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.20.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5197-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45046"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5148"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5192-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5192-2"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "PACKETSTORM",
"id": "169172"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165289"
},
{
"db": "PACKETSTORM",
"id": "165298"
},
{
"db": "PACKETSTORM",
"id": "165324"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165348"
},
{
"db": "PACKETSTORM",
"id": "165264"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-799"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "PACKETSTORM",
"id": "169172"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165289"
},
{
"db": "PACKETSTORM",
"id": "165298"
},
{
"db": "PACKETSTORM",
"id": "165324"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165348"
},
{
"db": "PACKETSTORM",
"id": "165264"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-799"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-15T00:00:00",
"db": "CERT/CC",
"id": "VU#930724"
},
{
"date": "2021-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-407408"
},
{
"date": "2021-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-408570"
},
{
"date": "2021-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "169172"
},
{
"date": "2021-12-15T15:25:47",
"db": "PACKETSTORM",
"id": "165294"
},
{
"date": "2021-12-15T15:27:05",
"db": "PACKETSTORM",
"id": "165296"
},
{
"date": "2021-12-15T15:20:43",
"db": "PACKETSTORM",
"id": "165287"
},
{
"date": "2021-12-15T15:23:16",
"db": "PACKETSTORM",
"id": "165289"
},
{
"date": "2021-12-15T15:28:00",
"db": "PACKETSTORM",
"id": "165298"
},
{
"date": "2021-12-16T15:20:38",
"db": "PACKETSTORM",
"id": "165324"
},
{
"date": "2021-12-16T15:25:46",
"db": "PACKETSTORM",
"id": "165329"
},
{
"date": "2021-12-17T14:06:52",
"db": "PACKETSTORM",
"id": "165348"
},
{
"date": "2021-12-14T15:34:14",
"db": "PACKETSTORM",
"id": "165264"
},
{
"date": "2021-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-799"
},
{
"date": "2021-12-10T10:15:09.143000",
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-07T00:00:00",
"db": "CERT/CC",
"id": "VU#930724"
},
{
"date": "2023-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-407408"
},
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-408570"
},
{
"date": "2023-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-799"
},
{
"date": "2025-10-27T17:40:33.680000",
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165289"
},
{
"db": "PACKETSTORM",
"id": "165348"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-799"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Log4j allows insecure JNDI lookups",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165289"
},
{
"db": "PACKETSTORM",
"id": "165298"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165264"
}
],
"trust": 0.6
}
}
VAR-202112-0562
Vulnerability from variot - Updated: 2025-12-22 21:29It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Data Grid 8.2.3 security update Advisory ID: RHSA-2022:0205-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0205 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 =====================================================================
- Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].
- Solution:
To install this update, do the following:
- Download the Data Grid 8.2.3 server patch from the customer portal[²].
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[³] for patching instructions.
-
Restart Data Grid to ensure the changes take effect.
-
References:
https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=data.grid&version=8.2 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL bJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI QBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa 5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk N+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9 /WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9 B/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6 EblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y iy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD FX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K LpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd QiLGYFSmmLk= =y5SE -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - GSS Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - GSS WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002
- Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
8
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0562",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "energyip prepay",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.8"
},
{
"model": "solid edge harness design",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"model": "6bk1602-0aa12-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "logo\\! soft comfort",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "siveillance vantage",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"model": "sentron powermanager",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "siguard dsa",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "siguard dsa",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "audio development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xpedition enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "comos",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "siveillance control pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "tracealertserverplus",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "spectrum power 4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.70"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "desigo cc info center",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "nx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "6bk1602-0aa52-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "9.0"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7"
},
{
"model": "opcenter intelligence",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "email security",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.12"
},
{
"model": "secure device onboard",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "industrial edge management hub",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "energyip prepay",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.7"
},
{
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.6"
},
{
"model": "system studio",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "siguard dsa",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.2"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "solid edge cam pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "spectrum power 4",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.70"
},
{
"model": "desigo cc info center",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "spectrum power 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.30"
},
{
"model": "industrial edge management",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "captial",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "gma-manager",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.6.2j-398"
},
{
"model": "oneapi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "computer vision annotation tool",
"scope": "eq",
"trust": 1.0,
"vendor": "cvat",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "mendix",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sentron powermanager",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "6bk1602-0aa22-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "energy engage",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "operation scheduler",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.3"
},
{
"model": "sppa-t3000 ses3000",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "navigator",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.16.0"
},
{
"model": "siveillance viewpoint",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "spectrum power 7",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.30"
},
{
"model": "xpedition package integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "solid edge harness design",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"model": "sensor solution development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "captial",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"model": "siveillance command",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.16.2.1"
},
{
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.13.0"
},
{
"model": "vesys",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"model": "system debugger",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "6bk1602-0aa32-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "teamcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "datacenter manager",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "head-end system universal device integration system",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mindsphere",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-11"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "log4j",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.5"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"model": "e-car operation center",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"model": "6bk1602-0aa42-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"model": "genomics kernel library",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
}
],
"trust": 0.8
},
"cve": "CVE-2021-45046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2021-45046",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-45046",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45046",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-45046",
"trust": 1.0,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45046"
},
{
"db": "NVD",
"id": "CVE-2021-45046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html\n\n4. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.2.3 security update\nAdvisory ID: RHSA-2022:0205-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0205\nIssue date: 2022-01-20\nCVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release\nNotes[\u00b3] for patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=data.grid\u0026version=8.2\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL\nbJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI\nQBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa\n5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk\nN+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9\n/WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9\nB/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6\nEblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y\niy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD\nFX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K\nLpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd\nQiLGYFSmmLk=\n=y5SE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45046"
},
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165333"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45046",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#930724",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-397453",
"trust": 1.0
},
{
"db": "SIEMENS",
"id": "SSA-714170",
"trust": 1.0
},
{
"db": "SIEMENS",
"id": "SSA-661247",
"trust": 1.0
},
{
"db": "SIEMENS",
"id": "SSA-479842",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/18/1",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/15/3",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/14/4",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "165329",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165333",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165343",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165645",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166676",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166677",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165333"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "NVD",
"id": "CVE-2021-45046"
}
]
},
"id": "VAR-202112-0562",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.64472221
},
"last_update_date": "2025-12-22T21:29:24.076000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-917",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202310-16"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"trust": 1.0,
"url": "https://www.cve.org/cverecord?id=cve-2021-44228"
},
{
"trust": 1.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"trust": 1.0,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
},
{
"trust": 1.0,
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-45046"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
},
{
"trust": 1.0,
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2021/dsa-5022"
},
{
"trust": 0.8,
"url": "cve-2021-4104 "
},
{
"trust": 0.8,
"url": "cve-2021-44228 "
},
{
"trust": 0.8,
"url": "cve-2021-45046 "
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-45046"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-44832"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-45105"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23302"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23307"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5148"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5106"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/6577421"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=data.grid\u0026version=8.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1297"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1296"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165333"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "NVD",
"id": "CVE-2021-45046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165333"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "NVD",
"id": "CVE-2021-45046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-15T00:00:00",
"db": "CERT/CC",
"id": "VU#930724"
},
{
"date": "2021-12-16T15:25:46",
"db": "PACKETSTORM",
"id": "165329"
},
{
"date": "2021-12-16T15:34:27",
"db": "PACKETSTORM",
"id": "165333"
},
{
"date": "2021-12-17T14:05:45",
"db": "PACKETSTORM",
"id": "165343"
},
{
"date": "2022-01-20T17:49:52",
"db": "PACKETSTORM",
"id": "165636"
},
{
"date": "2022-01-20T18:11:03",
"db": "PACKETSTORM",
"id": "165645"
},
{
"date": "2022-04-11T17:14:49",
"db": "PACKETSTORM",
"id": "166676"
},
{
"date": "2022-04-11T17:15:55",
"db": "PACKETSTORM",
"id": "166677"
},
{
"date": "2021-12-14T19:15:07.733000",
"db": "NVD",
"id": "CVE-2021-45046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-07T00:00:00",
"db": "CERT/CC",
"id": "VU#930724"
},
{
"date": "2025-10-27T17:35:56.240000",
"db": "NVD",
"id": "CVE-2021-45046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Log4j allows insecure JNDI lookups",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165329"
},
{
"db": "PACKETSTORM",
"id": "165333"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "165645"
}
],
"trust": 0.5
}
}
VAR-202510-0482
Vulnerability from variot - Updated: 2025-11-22 23:12A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page.
Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation. Siemens' SiPass integrated Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202510-0482",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.00"
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "3.00"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016454"
},
{
"db": "NVD",
"id": "CVE-2025-40772"
}
]
},
"cve": "CVE-2025-40772",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2025-40772",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2025-40772",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2025-40772",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2025-40772",
"trust": 1.0,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-40772",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2025-40772",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016454"
},
{
"db": "NVD",
"id": "CVE-2025-40772"
},
{
"db": "NVD",
"id": "CVE-2025-40772"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. \r\n\r\nSuccessful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation. Siemens\u0027 SiPass integrated Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-40772"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-016454"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-40772",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-599451",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-289-06",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90351979",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-016454",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016454"
},
{
"db": "NVD",
"id": "CVE-2025-40772"
}
]
},
"id": "VAR-202510-0482",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2025-11-22T23:12:01.430000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016454"
},
{
"db": "NVD",
"id": "CVE-2025-40772"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90351979/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-40772"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-06"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016454"
},
{
"db": "NVD",
"id": "CVE-2025-40772"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016454"
},
{
"db": "NVD",
"id": "CVE-2025-40772"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-016454"
},
{
"date": "2025-10-14T10:15:38.470000",
"db": "NVD",
"id": "CVE-2025-40772"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-20T07:14:00",
"db": "JVNDB",
"id": "JVNDB-2025-016454"
},
{
"date": "2025-10-16T15:02:58.310000",
"db": "NVD",
"id": "CVE-2025-40772"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0SiPass\u00a0integrated\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016454"
}
],
"trust": 0.8
}
}
VAR-202510-0483
Vulnerability from variot - Updated: 2025-11-22 23:12A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.
Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise. Siemens' SiPass integrated contains a vulnerability related to storing passwords in a recoverable format.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202510-0483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.00"
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "3.00"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016445"
},
{
"db": "NVD",
"id": "CVE-2025-40774"
}
]
},
"cve": "CVE-2025-40774",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "productcert@siemens.com",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2025-40774",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.4,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-016445",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2025-40774",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2025-016445",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016445"
},
{
"db": "NVD",
"id": "CVE-2025-40774"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. \r\n\r\nSuccessful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise. Siemens\u0027 SiPass integrated contains a vulnerability related to storing passwords in a recoverable format.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-40774"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-016445"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-40774",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-599451",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-289-06",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90351979",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-016445",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016445"
},
{
"db": "NVD",
"id": "CVE-2025-40774"
}
]
},
"id": "VAR-202510-0483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2025-11-22T23:12:01.394000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-257",
"trust": 1.0
},
{
"problemtype": "Password storage in recoverable form (CWE-257) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016445"
},
{
"db": "NVD",
"id": "CVE-2025-40774"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90351979/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-40774"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-06"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016445"
},
{
"db": "NVD",
"id": "CVE-2025-40774"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016445"
},
{
"db": "NVD",
"id": "CVE-2025-40774"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-016445"
},
{
"date": "2025-10-14T10:15:38.850000",
"db": "NVD",
"id": "CVE-2025-40774"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-20T06:11:00",
"db": "JVNDB",
"id": "JVNDB-2025-016445"
},
{
"date": "2025-10-16T14:09:09.060000",
"db": "NVD",
"id": "CVE-2025-40774"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0SiPass\u00a0integrated\u00a0 Vulnerability in storing passwords in a recoverable format in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016445"
}
],
"trust": 0.8
}
}
VAR-202510-0484
Vulnerability from variot - Updated: 2025-11-22 23:11A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.
Successful exploitation allows an attacker to potentially manipulate data belonging to other users. Siemens' SiPass integrated Exists in a user-controlled key authentication evasion vulnerability.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202510-0484",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.00"
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "3.00"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016446"
},
{
"db": "NVD",
"id": "CVE-2025-40773"
}
]
},
"cve": "CVE-2025-40773",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "productcert@siemens.com",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"id": "CVE-2025-40773",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2025-40773",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2025-40773",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2025-40773",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-40773",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2025-40773",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016446"
},
{
"db": "NVD",
"id": "CVE-2025-40773"
},
{
"db": "NVD",
"id": "CVE-2025-40773"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. \r\n\r\nSuccessful exploitation allows an attacker to potentially manipulate data belonging to other users. Siemens\u0027 SiPass integrated Exists in a user-controlled key authentication evasion vulnerability.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-40773"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-016446"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-40773",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-599451",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-289-06",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90351979",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-016446",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016446"
},
{
"db": "NVD",
"id": "CVE-2025-40773"
}
]
},
"id": "VAR-202510-0484",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2025-11-22T23:11:59.394000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-639",
"trust": 1.0
},
{
"problemtype": "Avoid authentication with user-controlled keys (CWE-639) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016446"
},
{
"db": "NVD",
"id": "CVE-2025-40773"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90351979/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-40773"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-06"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016446"
},
{
"db": "NVD",
"id": "CVE-2025-40773"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016446"
},
{
"db": "NVD",
"id": "CVE-2025-40773"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-016446"
},
{
"date": "2025-10-14T10:15:38.667000",
"db": "NVD",
"id": "CVE-2025-40773"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-20T06:11:00",
"db": "JVNDB",
"id": "JVNDB-2025-016446"
},
{
"date": "2025-10-16T15:01:12.293000",
"db": "NVD",
"id": "CVE-2025-40773"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0SiPass\u00a0integrated\u00a0 Vulnerability in user-controlled key authentication evasion in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-016446"
}
],
"trust": 0.8
}
}
VAR-202203-1506
Vulnerability from variot - Updated: 2025-11-21 21:36A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:
A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Installation instructions are available from the Fuse 7.10 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat Decision Manager 7.12.1 security update Advisory ID: RHSA-2022:1379-01 Product: Red Hat Decision Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:1379 Issue date: 2022-04-14 CVE Names: CVE-2022-22965 ==================================================================== 1. Summary:
An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business.
This asynchronous security patch is an update to Red Hat Decision Manager 7.
Security Fix(es):
- spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes the Spring MVC and WebFlux jars.
For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+
- References:
https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=rhdm&version=7.12.1
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2 /Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW RY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB CZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU aFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM Cbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa 7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv zP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2 EC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD Bw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6 DCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD Pjhf0e6lKl4=xaz4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinec network management system",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.3"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.3.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0"
},
{
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "cx cloud agent",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.0"
},
{
"model": "operation scheduler",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.4"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3.200"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0.0.1"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0"
},
{
"model": "netbackup flex scale appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "3.0"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3.100"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0.2"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.1"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "simatic speech assistant for machines",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2.1"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.1"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1.0.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0.0.1"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.2.20"
},
{
"model": "mysql enterprise monitor",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.29"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "communications cloud native core automated test suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "netbackup flex scale appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.1"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "1.3"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.3.18"
},
{
"model": "communications cloud native core network exposure function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.1"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.3"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1.0.1"
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.0"
},
{
"model": "communications cloud native core automated test suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.2"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "product lifecycle analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Will DormannWe have not received a statement from the vendor.",
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
}
],
"trust": 0.8
},
"cve": "CVE-2022-22965",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22965",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-411825",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22965",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22965",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-22965",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2642",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2514",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-411825",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-22965",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. The purpose of this text-only errata is to inform you\nabout the security issues fixed in this release. Description:\n\nA micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat\nCamel K that includes CVE fixes in the base images, which are documented in\nthe Release Notes document linked in the References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. \n\nInstallation instructions are available from the Fuse 7.10 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: Red Hat Decision Manager 7.12.1 security update\nAdvisory ID: RHSA-2022:1379-01\nProduct: Red Hat Decision Manager\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1379\nIssue date: 2022-04-14\nCVE Names: CVE-2022-22965\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Decision Manager. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and business optimization for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nThis asynchronous security patch is an update to Red Hat Decision Manager\n7. \n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+\n(CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. \n\nThis release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes\nthe Spring MVC and WebFlux jars. \n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22965\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-003\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=rhdm\u0026version=7.12.1\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2\n/Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW\nRY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB\nCZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU\naFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM\nCbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa\n7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv\nzP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2\nEC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD\nBw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6\nDCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD\nPjhf0e6lKl4=xaz4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22965"
},
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-411825",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22965",
"trust": 3.9
},
{
"db": "CERT/CC",
"id": "VU#970766",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "166713",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "167011",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-254054",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022040109",
"trust": 1.2
},
{
"db": "CS-HELP",
"id": "SB2022033109",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "166874",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166691",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166732",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070602",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060716",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042734",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042546",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060304",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071213",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052302",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042277",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072087",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041951",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042126",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3155",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5097",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1844",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1636",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1593",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1444.8",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1674",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-286-05",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411825",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166872",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166715",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166731",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"id": "VAR-202203-1506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
}
],
"trust": 0.70416665
},
"last_update_date": "2025-11-21T21:36:38.238000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Spring Framework Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187595"
},
{
"title": "Red Hat: Low: Red Hat Process Automation Manager 7.12.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221378 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Decision Manager 7.12.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221379 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat AMQ Broker 7.9.4 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221627 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Fuse 7.10.2 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221360 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Integration Camel-K 1.6.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221333 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221306 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat AMQ Broker 7.8.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221626 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e6cbc0e97f1832a63f66e10869253ecf"
},
{
"title": "Cisco: Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/coffeehb/Spring4Shell "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"trust": 2.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-java-spring-rce-zx9guc67"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/166713/spring4shell-code-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/167011/spring4shell-spring-framework-class-property-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/security/cve/cve-2022-22965"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0005"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040109"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022033109"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-22965"
},
{
"trust": 1.0,
"url": "https://www.kb.cert.org/vuls/id/970766"
},
{
"trust": 0.8,
"url": "cve-2022-22965 "
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2022-003"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22965"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1674"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072038"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1593"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042126"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22965/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166874/red-hat-security-advisory-2022-1626-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041951"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042546"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060304"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166691/red-hat-security-advisory-2022-1306-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1844"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166732/red-hat-security-advisory-2022-1379-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070602"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071213"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072087"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060716"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042277"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1444.8"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042734"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5097"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3155"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1636"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052302"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.8.6"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.9.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1306"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=rhpam\u0026downloadtype=securitypatches\u0026version=7.12.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1378"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=rhdm\u0026version=7.12.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#970766"
},
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-411825"
},
{
"date": "2022-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"date": "2022-04-27T18:19:24",
"db": "PACKETSTORM",
"id": "166874"
},
{
"date": "2022-04-27T18:18:11",
"db": "PACKETSTORM",
"id": "166872"
},
{
"date": "2022-04-11T17:36:49",
"db": "PACKETSTORM",
"id": "166691"
},
{
"date": "2022-04-13T15:01:19",
"db": "PACKETSTORM",
"id": "166706"
},
{
"date": "2022-04-13T22:20:55",
"db": "PACKETSTORM",
"id": "166715"
},
{
"date": "2022-04-15T15:24:03",
"db": "PACKETSTORM",
"id": "166731"
},
{
"date": "2022-04-15T15:24:12",
"db": "PACKETSTORM",
"id": "166732"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"date": "2022-04-01T23:15:13.870000",
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-19T00:00:00",
"db": "CERT/CC",
"id": "VU#970766"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-411825"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"date": "2022-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"date": "2025-10-30T19:56:43.110000",
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Code injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 1.2
}
}
VAR-202505-2079
Vulnerability from variot - Updated: 2025-08-26 22:54A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition. Siemens' SiPass integrated Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-2079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.95.3.18"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "2.95.3.18"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026240"
},
{
"db": "NVD",
"id": "CVE-2022-31812"
}
]
},
"cve": "CVE-2022-31812",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31812",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-026240",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2022-31812",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2022-026240",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026240"
},
{
"db": "NVD",
"id": "CVE-2022-31812"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition. Siemens\u0027 SiPass integrated Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31812"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026240"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31812",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-041082",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-148-02",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92528757",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026240",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026240"
},
{
"db": "NVD",
"id": "CVE-2022-31812"
}
]
},
"id": "VAR-202505-2079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2025-08-26T22:54:06.175000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026240"
},
{
"db": "NVD",
"id": "CVE-2022-31812"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-041082.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92528757/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31812"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026240"
},
{
"db": "NVD",
"id": "CVE-2022-31812"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026240"
},
{
"db": "NVD",
"id": "CVE-2022-31812"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-026240"
},
{
"date": "2025-05-23T15:15:21.437000",
"db": "NVD",
"id": "CVE-2022-31812"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-25T06:51:00",
"db": "JVNDB",
"id": "JVNDB-2022-026240"
},
{
"date": "2025-08-22T19:37:02.577000",
"db": "NVD",
"id": "CVE-2022-31812"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0SiPass\u00a0integrated\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026240"
}
],
"trust": 0.8
}
}
VAR-201708-1519
Vulnerability from variot - Updated: 2025-04-20 23:22A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems. Siemens SiPass integrated Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SiPass server is a component of the SiPass centralized access control system that receives the client's connection for communication. Siemens SiPass integrated is prone to the following security vulnerabilities: 1. An authentication-bypass vulnerability 2. A privilege-escalation vulnerability 3. A man-in-the-middle security bypass vulnerability 4. An information-disclosure vulnerability An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. Versions prior to SiPass integrated 2.70 are vulnerable. An attacker could exploit this vulnerability to obtain certificates on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1519",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.65"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "sipass integrated",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2.65"
},
{
"model": "sipass integrated mp2.6",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated mp2.5",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated mp2.4",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.70"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sipass integrated",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-604"
},
{
"db": "NVD",
"id": "CVE-2017-9942"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:sipass_integrated",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens",
"sources": [
{
"db": "BID",
"id": "99578"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9942",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-14601",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "47137c94-f064-4aa1-96c4-9cad2593f752",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-118145",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-9942",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9942",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9942",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-14601",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-604",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118145",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"db": "VULHUB",
"id": "VHN-118145"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-604"
},
{
"db": "NVD",
"id": "CVE-2017-9942"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems. Siemens SiPass integrated Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SiPass server is a component of the SiPass centralized access control system that receives the client\u0027s connection for communication. Siemens SiPass integrated is prone to the following security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. A privilege-escalation vulnerability\n3. A man-in-the-middle security bypass vulnerability\n4. An information-disclosure vulnerability\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. \nVersions prior to SiPass integrated 2.70 are vulnerable. An attacker could exploit this vulnerability to obtain certificates on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"db": "VULHUB",
"id": "VHN-118145"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9942",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-339433",
"trust": 2.6
},
{
"db": "BID",
"id": "99578",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-14601",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-604",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-194-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "47137C94-F064-4AA1-96C4-9CAD2593F752",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118145",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"db": "VULHUB",
"id": "VHN-118145"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-604"
},
{
"db": "NVD",
"id": "CVE-2017-9942"
}
]
},
"id": "VAR-201708-1519",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"db": "VULHUB",
"id": "VHN-118145"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"db": "CNVD",
"id": "CNVD-2017-14601"
}
]
},
"last_update_date": "2025-04-20T23:22:12.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-339433",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"title": "Siemens SiPass integrated credentials to obtain patches for vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/98174"
},
{
"title": "Siemens SiPass integrated Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71718"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-604"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-257",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118145"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"db": "NVD",
"id": "CVE-2017-9942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99578"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9942"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9942"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-194-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"db": "VULHUB",
"id": "VHN-118145"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-604"
},
{
"db": "NVD",
"id": "CVE-2017-9942"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"db": "VULHUB",
"id": "VHN-118145"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-604"
},
{
"db": "NVD",
"id": "CVE-2017-9942"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-15T00:00:00",
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"date": "2017-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-118145"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99578"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-604"
},
{
"date": "2017-08-08T00:29:00.477000",
"db": "NVD",
"id": "CVE-2017-9942"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14601"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118145"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99578"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006974"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-604"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9942"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-604"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SiPass integrated Credential acquisition vulnerability",
"sources": [
{
"db": "IVD",
"id": "47137c94-f064-4aa1-96c4-9cad2593f752"
},
{
"db": "CNVD",
"id": "CNVD-2017-14601"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-604"
}
],
"trust": 0.6
}
}
VAR-201708-1518
Vulnerability from variot - Updated: 2025-04-20 23:22A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication. Siemens SiPass integrated Contains an access control vulnerability.Information may be obtained and information may be altered. The SiPass server is a component of the SiPass centralized access control system that receives the client's connection for communication. Siemens SiPass integrated is prone to the following security vulnerabilities: 1. An authentication-bypass vulnerability 2. A privilege-escalation vulnerability 3. A man-in-the-middle security bypass vulnerability 4. An information-disclosure vulnerability An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. Versions prior to SiPass integrated 2.70 are vulnerable. An attacker could exploit this vulnerability to read and alter network communications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1518",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.65"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "sipass integrated",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2.65"
},
{
"model": "sipass integrated mp2.6",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated mp2.5",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated mp2.4",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.70"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sipass integrated",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59"
},
{
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-605"
},
{
"db": "NVD",
"id": "CVE-2017-9941"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:sipass_integrated",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens",
"sources": [
{
"db": "BID",
"id": "99578"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9941",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9941",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-14602",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-118144",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-9941",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9941",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9941",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-14602",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-605",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118144",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59"
},
{
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"db": "VULHUB",
"id": "VHN-118144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-605"
},
{
"db": "NVD",
"id": "CVE-2017-9941"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication. Siemens SiPass integrated Contains an access control vulnerability.Information may be obtained and information may be altered. The SiPass server is a component of the SiPass centralized access control system that receives the client\u0027s connection for communication. Siemens SiPass integrated is prone to the following security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. A privilege-escalation vulnerability\n3. A man-in-the-middle security bypass vulnerability\n4. An information-disclosure vulnerability\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. \nVersions prior to SiPass integrated 2.70 are vulnerable. An attacker could exploit this vulnerability to read and alter network communications",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9941"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59"
},
{
"db": "VULHUB",
"id": "VHN-118144"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9941",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-339433",
"trust": 2.6
},
{
"db": "BID",
"id": "99578",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201707-605",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-14602",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-194-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "776376B5-C94B-4524-9A3A-ECD13C2DFE59",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118144",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59"
},
{
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"db": "VULHUB",
"id": "VHN-118144"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-605"
},
{
"db": "NVD",
"id": "CVE-2017-9941"
}
]
},
"id": "VAR-201708-1518",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59"
},
{
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"db": "VULHUB",
"id": "VHN-118144"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59"
},
{
"db": "CNVD",
"id": "CNVD-2017-14602"
}
]
},
"last_update_date": "2025-04-20T23:22:12.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-339433",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"title": "Siemens SiPass integrated patch for unauthorized operating vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/98175"
},
{
"title": "Siemens SiPass integrated Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71719"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-605"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-300",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"db": "NVD",
"id": "CVE-2017-9941"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99578"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9941"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9941"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-194-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"db": "VULHUB",
"id": "VHN-118144"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-605"
},
{
"db": "NVD",
"id": "CVE-2017-9941"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59"
},
{
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"db": "VULHUB",
"id": "VHN-118144"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-605"
},
{
"db": "NVD",
"id": "CVE-2017-9941"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-15T00:00:00",
"db": "IVD",
"id": "776376b5-c94b-4524-9a3a-ecd13c2dfe59"
},
{
"date": "2017-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-118144"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99578"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-605"
},
{
"date": "2017-08-08T00:29:00.447000",
"db": "NVD",
"id": "CVE-2017-9941"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14602"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118144"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99578"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006973"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-605"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9941"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-605"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SiPass integrated Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006973"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-605"
}
],
"trust": 0.6
}
}
VAR-201708-1516
Vulnerability from variot - Updated: 2025-04-20 23:22A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations. Siemens SiPass integrated Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SiPass server is a component of the SiPass centralized access control system that receives the client's connection for communication. Siemens SiPass integrated is prone to the following security vulnerabilities: 1. An authentication-bypass vulnerability 2. A privilege-escalation vulnerability 3. A man-in-the-middle security bypass vulnerability 4. An information-disclosure vulnerability An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. Versions prior to SiPass integrated 2.70 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1516",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.65"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "sipass integrated",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2.65"
},
{
"model": "sipass integrated mp2.6",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated mp2.5",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated mp2.4",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.70"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sipass integrated",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-607"
},
{
"db": "NVD",
"id": "CVE-2017-9939"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:sipass_integrated",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens",
"sources": [
{
"db": "BID",
"id": "99578"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9939",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9939",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-14604",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118142",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9939",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9939",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9939",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-14604",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-607",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118142",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"db": "VULHUB",
"id": "VHN-118142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-607"
},
{
"db": "NVD",
"id": "CVE-2017-9939"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations. Siemens SiPass integrated Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SiPass server is a component of the SiPass centralized access control system that receives the client\u0027s connection for communication. Siemens SiPass integrated is prone to the following security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. A privilege-escalation vulnerability\n3. A man-in-the-middle security bypass vulnerability\n4. An information-disclosure vulnerability\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. \nVersions prior to SiPass integrated 2.70 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9939"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"db": "VULHUB",
"id": "VHN-118142"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9939",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-339433",
"trust": 2.6
},
{
"db": "BID",
"id": "99578",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201707-607",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-14604",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-194-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "C47674F6-161E-4F65-A530-CE61AE3F1527",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118142",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"db": "VULHUB",
"id": "VHN-118142"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-607"
},
{
"db": "NVD",
"id": "CVE-2017-9939"
}
]
},
"id": "VAR-201708-1516",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"db": "VULHUB",
"id": "VHN-118142"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"db": "CNVD",
"id": "CNVD-2017-14604"
}
]
},
"last_update_date": "2025-04-20T23:22:12.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-339433",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"title": "Siemens SiPass integrated certification to bypass the vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/98177"
},
{
"title": "Siemens SiPass integrated Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71721"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-607"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"db": "NVD",
"id": "CVE-2017-9939"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99578"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9939"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9939"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-194-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"db": "VULHUB",
"id": "VHN-118142"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-607"
},
{
"db": "NVD",
"id": "CVE-2017-9939"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"db": "VULHUB",
"id": "VHN-118142"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-607"
},
{
"db": "NVD",
"id": "CVE-2017-9939"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-15T00:00:00",
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"date": "2017-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-118142"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99578"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-607"
},
{
"date": "2017-08-08T00:29:00.383000",
"db": "NVD",
"id": "CVE-2017-9939"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14604"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118142"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99578"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006971"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-607"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9939"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-607"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SiPass integrated Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c47674f6-161e-4f65-a530-ce61ae3f1527"
},
{
"db": "CNVD",
"id": "CNVD-2017-14604"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-607"
}
],
"trust": 0.6
}
}
VAR-201708-1517
Vulnerability from variot - Updated: 2025-04-20 23:22A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. Siemens SiPass integrated Contains an access control vulnerability.Information may be obtained and information may be altered. The SiPass server is a component of the SiPass centralized access control system that receives the client's connection for communication. There is a file read/write vulnerability in Siemens SiPass integrated. An authentication-bypass vulnerability 2. A privilege-escalation vulnerability 3. A man-in-the-middle security bypass vulnerability 4. An information-disclosure vulnerability An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. Versions prior to SiPass integrated 2.70 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1517",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.65"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "sipass integrated",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "2.70"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2.65"
},
{
"model": "sipass integrated mp2.6",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated mp2.5",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated mp2.4",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sipass integrated",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.70"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sipass integrated",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
},
{
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-606"
},
{
"db": "NVD",
"id": "CVE-2017-9940"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:sipass_integrated",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens",
"sources": [
{
"db": "BID",
"id": "99578"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9940",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-9940",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-14603",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-118143",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-9940",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9940",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9940",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-14603",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-606",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118143",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
},
{
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"db": "VULHUB",
"id": "VHN-118143"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-606"
},
{
"db": "NVD",
"id": "CVE-2017-9940"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. Siemens SiPass integrated Contains an access control vulnerability.Information may be obtained and information may be altered. The SiPass server is a component of the SiPass centralized access control system that receives the client\u0027s connection for communication. There is a file read/write vulnerability in Siemens SiPass integrated. An authentication-bypass vulnerability\n2. A privilege-escalation vulnerability\n3. A man-in-the-middle security bypass vulnerability\n4. An information-disclosure vulnerability\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. \nVersions prior to SiPass integrated 2.70 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9940"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
},
{
"db": "VULHUB",
"id": "VHN-118143"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9940",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-339433",
"trust": 2.6
},
{
"db": "BID",
"id": "99578",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201707-606",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-14603",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-194-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "6BA0449D-BE86-414D-9D46-B1977CF1C756",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118143",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
},
{
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"db": "VULHUB",
"id": "VHN-118143"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-606"
},
{
"db": "NVD",
"id": "CVE-2017-9940"
}
]
},
"id": "VAR-201708-1517",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
},
{
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"db": "VULHUB",
"id": "VHN-118143"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
},
{
"db": "CNVD",
"id": "CNVD-2017-14603"
}
]
},
"last_update_date": "2025-04-20T23:22:12.797000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-339433",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"title": "Siemens SiPass integrated file read and write vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/98176"
},
{
"title": "Siemens SiPass integrated Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71720"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-606"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118143"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"db": "NVD",
"id": "CVE-2017-9940"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99578"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9940"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9940"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-194-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"db": "VULHUB",
"id": "VHN-118143"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-606"
},
{
"db": "NVD",
"id": "CVE-2017-9940"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
},
{
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"db": "VULHUB",
"id": "VHN-118143"
},
{
"db": "BID",
"id": "99578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-606"
},
{
"db": "NVD",
"id": "CVE-2017-9940"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-15T00:00:00",
"db": "IVD",
"id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
},
{
"date": "2017-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-118143"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99578"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-606"
},
{
"date": "2017-08-08T00:29:00.417000",
"db": "NVD",
"id": "CVE-2017-9940"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14603"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118143"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99578"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006972"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-606"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9940"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-606"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SiPass integrated Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006972"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-606"
}
],
"trust": 0.6
}
}
VAR-201211-0361
Vulnerability from variot - Updated: 2025-04-11 23:14AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack. The SiPass server is a component of the SiPass centralized access control system that receives the client's connection for communication. A buffer overflow vulnerability exists in the SiPass server processing message. Siemens SiPass Integrated is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. Siemens SiPass integrated MP2.6 and earlier are affected. There are currently known arbitrary pointer reference attacks and buffer overflow attacks. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SiPass Integrated Message Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA50900
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50900/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50900
RELEASE DATE: 2012-10-09
DISCUSS ADVISORY: http://secunia.com/advisories/50900/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50900/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50900
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Siemens SiPass Integrated, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions MP2.6 and prior.
SOLUTION: Apply hotfix available via support.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Lucas Apa, IOActive.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201211-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lte",
"trust": 1.8,
"vendor": "siemens",
"version": "mp2.6"
},
{
"model": "sipass integrated mp",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2.6"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "mp2.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "sipass integrated",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
},
{
"db": "NVD",
"id": "CVE-2012-5409"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:sipass_integrated",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lucas Apa of IOActive",
"sources": [
{
"db": "BID",
"id": "55835"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
}
],
"trust": 0.9
},
"cve": "CVE-2012-5409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-5409",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-58690",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-5409",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-5409",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201210-251",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-58690",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-58690"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
},
{
"db": "NVD",
"id": "CVE-2012-5409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack. The SiPass server is a component of the SiPass centralized access control system that receives the client\u0027s connection for communication. A buffer overflow vulnerability exists in the SiPass server processing message. Siemens SiPass Integrated is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. \nSiemens SiPass integrated MP2.6 and earlier are affected. There are currently known arbitrary pointer reference attacks and buffer overflow attacks. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SiPass Integrated Message Processing Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA50900\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50900/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50900\n\nRELEASE DATE:\n2012-10-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50900/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50900/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50900\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Siemens SiPass Integrated, which\ncan be exploited by malicious people to compromise a vulnerable\nsystem. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in versions MP2.6 and prior. \n\nSOLUTION:\nApply hotfix available via support. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Lucas Apa, IOActive. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5409"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"db": "BID",
"id": "55835"
},
{
"db": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-58690"
},
{
"db": "PACKETSTORM",
"id": "117249"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-58690",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58690"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5409",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-12-305-01",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-938777",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "50900",
"trust": 1.3
},
{
"db": "CNNVD",
"id": "CNNVD-201210-251",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "86129",
"trust": 1.1
},
{
"db": "BID",
"id": "55835",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2012-5662",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "47137",
"trust": 0.6
},
{
"db": "IVD",
"id": "471BC9C0-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "834F0BD2-1F52-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-76202",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22397",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-58690",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117249",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"db": "VULHUB",
"id": "VHN-58690"
},
{
"db": "BID",
"id": "55835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"db": "PACKETSTORM",
"id": "117249"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
},
{
"db": "NVD",
"id": "CVE-2012-5409"
}
]
},
"id": "VAR-201211-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"db": "VULHUB",
"id": "VHN-58690"
}
],
"trust": 1.725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5662"
}
]
},
"last_update_date": "2025-04-11T23:14:44.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Siemens SiPass integrated",
"trust": 0.8,
"url": "http://www.sipass-access-control.com/ssp-sipass/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-938777: Possible Remote Code Execution in SiPass Server",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Siemens SiPass Integrated \u0027SiPass server\u0027 component buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/23541"
},
{
"title": "Siemens SiPass Integrated Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123575"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58690"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"db": "NVD",
"id": "CVE-2012-5409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf"
},
{
"trust": 1.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-305-01"
},
{
"trust": 1.1,
"url": "http://ioactive.com/pdfs/siemens_sipass_integrated_ethernet_bus_arbitrary_pointer_dereference_v4.pdf"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/86129"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/50900"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5409"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-305-01.pdf"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5409"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47137"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50900"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50900/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50900/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"db": "VULHUB",
"id": "VHN-58690"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"db": "PACKETSTORM",
"id": "117249"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
},
{
"db": "NVD",
"id": "CVE-2012-5409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"db": "VULHUB",
"id": "VHN-58690"
},
{
"db": "BID",
"id": "55835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"db": "PACKETSTORM",
"id": "117249"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
},
{
"db": "NVD",
"id": "CVE-2012-5409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-16T00:00:00",
"db": "IVD",
"id": "471bc9c0-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-10-11T00:00:00",
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"date": "2012-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"date": "2012-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-58690"
},
{
"date": "2012-10-09T00:00:00",
"db": "BID",
"id": "55835"
},
{
"date": "2012-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"date": "2012-10-09T06:25:18",
"db": "PACKETSTORM",
"id": "117249"
},
{
"date": "2012-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201210-251"
},
{
"date": "2012-11-01T10:44:47.717000",
"db": "NVD",
"id": "CVE-2012-5409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"date": "2013-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-58690"
},
{
"date": "2012-10-31T21:11:00",
"db": "BID",
"id": "55835"
},
{
"date": "2012-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005192"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201210-251"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-5409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SiPass Integrated \u0027SiPass server\u0027 Component Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "834f0bd2-1f52-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5662"
},
{
"db": "BID",
"id": "55835"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201210-251"
}
],
"trust": 0.6
}
}
VAR-202502-1670
Vulnerability from variot - Updated: 2025-02-22 23:30Siemens SiPass integrated is a powerful and flexible access control system for organizations of all sizes, from simple offices to large, complex facilities with thousands of doors, gates, barriers, and elevators.
A directory traversal vulnerability exists in DotNetZip, a third-party component of Siemens SiPass integrated, which can be exploited by an attacker to execute arbitrary code on the application server if a specially crafted backup set is used to restore it.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-1670",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.90.3.19"
},
{
"model": "sipass integrated",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.95.3.15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-03033",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-03033",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u200cSiemens SiPass integrated\u200c is a powerful and flexible access control system for organizations of all sizes, from simple offices to large, complex facilities with thousands of doors, gates, barriers, and elevators.\n\nA directory traversal vulnerability exists in DotNetZip, a third-party component of Siemens SiPass integrated, which can be exploited by an attacker to execute arbitrary code on the application server if a specially crafted backup set is used to restore it.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-992434",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2025-03033",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"id": "VAR-202502-1670",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"last_update_date": "2025-02-22T23:30:03.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SiPass integrated third-party component DotNetZip directory traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/656356"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-992434.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-03033"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SiPass integrated third-party component DotNetZip directory traversal vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03033"
}
],
"trust": 0.6
}
}
VAR-202112-0785
Vulnerability from variot - Updated: 2024-11-23 21:09A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. SiPass integrated and Siveillance Identity Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained and information may be tampered with. SiPass integrated is an access control system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0785",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "siveillance identity",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.280.0"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.76"
},
{
"model": "siveillance identity",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siveillance identity",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.76"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.85"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"db": "NVD",
"id": "CVE-2021-44523"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1235"
}
],
"trust": 0.6
},
"cve": "CVE-2021-44523",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44523",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-100378",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-407754",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44523",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44523",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44523",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-44523",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-100378",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1235",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-407754",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"db": "VULHUB",
"id": "VHN-407754"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1235"
},
{
"db": "NVD",
"id": "CVE-2021-44523"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. SiPass integrated and Siveillance Identity Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained and information may be tampered with. SiPass integrated is an access control system",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44523"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"db": "VULHUB",
"id": "VHN-407754"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44523",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-160202",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-463116",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-14",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU96592426",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-19",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-100378",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010612",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1235",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-407754",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"db": "VULHUB",
"id": "VHN-407754"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1235"
},
{
"db": "NVD",
"id": "CVE-2021-44523"
}
]
},
"id": "VAR-202112-0785",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"db": "VULHUB",
"id": "VHN-407754"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100378"
}
]
},
"last_update_date": "2024-11-23T21:09:33.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-160202 Siemens\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"title": "Patch for SiPass integrated Access Control Vulnerability (CNVD-2021-100378)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/306226"
},
{
"title": "Siemens SiPass Integrated and Siveillance Identity Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.1
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407754"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"db": "NVD",
"id": "CVE-2021-44523"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44523"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96592426/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-14"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-19"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010612"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"db": "VULHUB",
"id": "VHN-407754"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1235"
},
{
"db": "NVD",
"id": "CVE-2021-44523"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"db": "VULHUB",
"id": "VHN-407754"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1235"
},
{
"db": "NVD",
"id": "CVE-2021-44523"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"date": "2021-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-407754"
},
{
"date": "2022-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"date": "2021-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1235"
},
{
"date": "2021-12-14T12:15:12.077000",
"db": "NVD",
"id": "CVE-2021-44523"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-100378"
},
{
"date": "2021-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-407754"
},
{
"date": "2022-12-13T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2021-016370"
},
{
"date": "2022-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1235"
},
{
"date": "2024-11-21T06:31:09.350000",
"db": "NVD",
"id": "CVE-2021-44523"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SiPass\u00a0integrated\u00a0 and \u00a0Siveillance\u00a0Identity\u00a0 Vulnerability in leaking resources to the wrong area in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016370"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1235"
}
],
"trust": 0.6
}
}
VAR-202112-0786
Vulnerability from variot - Updated: 2024-11-23 20:53A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. SiPass integrated and Siveillance Identity Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained. SiPass integrated is an access control system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0786",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "siveillance identity",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.280.0"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.76"
},
{
"model": "siveillance identity",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "siveillance identity",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.76"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.85"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
],
"trust": 0.6
},
"cve": "CVE-2021-44522",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44522",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-100379",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-407753",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44522",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44522",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44522",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-44522",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-100379",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1234",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-407753",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. SiPass integrated and Siveillance Identity Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained. SiPass integrated is an access control system",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44522"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44522",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-160202",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-463116",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-14",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-19",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96592426",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-100379",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010612",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-407753",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"id": "VAR-202112-0786",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
}
]
},
"last_update_date": "2024-11-23T20:53:00.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-160202 Siemens\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"title": "Patch for SiPass integrated access control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/306221"
},
{
"title": "Siemens SiPass Integrated and Siveillance Identity Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175714"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.1
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44522"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96592426/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-14"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-19"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010612"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"date": "2021-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-407753"
},
{
"date": "2022-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"date": "2021-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1234"
},
{
"date": "2021-12-14T12:15:12.023000",
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"date": "2021-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-407753"
},
{
"date": "2022-12-08T05:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"date": "2022-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1234"
},
{
"date": "2024-11-21T06:31:09.223000",
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SiPass\u00a0integrated\u00a0 and \u00a0Siveillance\u00a0Identity\u00a0 Vulnerability in leaking resources to the wrong area in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
],
"trust": 0.6
}
}
VAR-202112-0784
Vulnerability from variot - Updated: 2024-11-23 20:12A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. SiPass integrated and Siveillance Identity There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SiPass integrated is an access control system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0784",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.76"
},
{
"model": "siveillance identity",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "siveillance identity",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.284.0"
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siveillance identity",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.76"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.85"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"db": "NVD",
"id": "CVE-2021-44524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1236"
}
],
"trust": 0.6
},
"cve": "CVE-2021-44524",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44524",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-100377",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-407755",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44524",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44524",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44524",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-44524",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-100377",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1236",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-407755",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"db": "VULHUB",
"id": "VHN-407755"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1236"
},
{
"db": "NVD",
"id": "CVE-2021-44524"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. SiPass integrated and Siveillance Identity There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SiPass integrated is an access control system",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"db": "VULHUB",
"id": "VHN-407755"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44524",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-160202",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-463116",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-14",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU96592426",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-19",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-100377",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010612",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1236",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-407755",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"db": "VULHUB",
"id": "VHN-407755"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1236"
},
{
"db": "NVD",
"id": "CVE-2021-44524"
}
]
},
"id": "VAR-202112-0784",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"db": "VULHUB",
"id": "VHN-407755"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100377"
}
]
},
"last_update_date": "2024-11-23T20:12:46.023000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-160202 Siemens\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"title": "Patch for SiPass integrated Access Control Vulnerability (CNVD-2021-100377)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/306241"
},
{
"title": "Siemens SiPass Integrated and Siveillance Identity Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175716"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1236"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407755"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"db": "NVD",
"id": "CVE-2021-44524"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44524"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96592426/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-14"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-19"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010612"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"db": "VULHUB",
"id": "VHN-407755"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1236"
},
{
"db": "NVD",
"id": "CVE-2021-44524"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"db": "VULHUB",
"id": "VHN-407755"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1236"
},
{
"db": "NVD",
"id": "CVE-2021-44524"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"date": "2021-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-407755"
},
{
"date": "2022-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"date": "2021-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1236"
},
{
"date": "2021-12-14T12:15:12.147000",
"db": "NVD",
"id": "CVE-2021-44524"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-100377"
},
{
"date": "2021-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-407755"
},
{
"date": "2022-12-13T08:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-016369"
},
{
"date": "2022-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1236"
},
{
"date": "2024-11-21T06:31:09.470000",
"db": "NVD",
"id": "CVE-2021-44524"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1236"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SiPass\u00a0integrated\u00a0 and \u00a0Siveillance\u00a0Identity\u00a0 Authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016369"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1236"
}
],
"trust": 0.6
}
}
VAR-202307-0622
Vulnerability from variot - Updated: 2024-08-14 13:16A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition. Siemens' SiPass integrated Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Siemens SiPass Integrated is an access control system from Siemens, Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0622",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.90.3.8"
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "2.90.3.8"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.90.3.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"db": "NVD",
"id": "CVE-2022-31810"
}
]
},
"cve": "CVE-2022-31810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-56533",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31810",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-31810",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31810",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2022-31810",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31810",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-56533",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-748",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-748"
},
{
"db": "NVD",
"id": "CVE-2022-31810"
},
{
"db": "NVD",
"id": "CVE-2022-31810"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow. \r\n\r\nThis could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition. Siemens\u0027 SiPass integrated Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Siemens SiPass Integrated is an access control system from Siemens, Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31810"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"db": "VULMON",
"id": "CVE-2022-31810"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31810",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-924149",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU95292697",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-194-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-024813",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-56533",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202307-748",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-31810",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"db": "VULMON",
"id": "CVE-2022-31810"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-748"
},
{
"db": "NVD",
"id": "CVE-2022-31810"
}
]
},
"id": "VAR-202307-0622",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-56533"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-56533"
}
]
},
"last_update_date": "2024-08-14T13:16:47.708000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SiPass Integrated Stack Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/443031"
},
{
"title": "Siemens SiPass Integrated Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246827"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-748"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"db": "NVD",
"id": "CVE-2022-31810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95292697/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31810"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-02"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-924149.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31810/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"db": "VULMON",
"id": "CVE-2022-31810"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-748"
},
{
"db": "NVD",
"id": "CVE-2022-31810"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"db": "VULMON",
"id": "CVE-2022-31810"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-748"
},
{
"db": "NVD",
"id": "CVE-2022-31810"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"date": "2023-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31810"
},
{
"date": "2024-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-748"
},
{
"date": "2023-07-11T10:15:10.127000",
"db": "NVD",
"id": "CVE-2022-31810"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-56533"
},
{
"date": "2023-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31810"
},
{
"date": "2024-01-19T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-024813"
},
{
"date": "2023-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-748"
},
{
"date": "2023-07-19T14:41:04.087000",
"db": "NVD",
"id": "CVE-2022-31810"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-748"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0SiPass\u00a0integrated\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-024813"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-748"
}
],
"trust": 0.6
}
}
CVE-2025-40774 (GCVE-0-2025-40774)
Vulnerability from nvd – Published: 2025-10-14 09:15 – Updated: 2025-10-14 19:03
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.
Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.
Severity ?
4.4 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
0 , < V3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:56.197262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:03:05.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.\r\n\r\nSuccessful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:21.139Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40774",
"datePublished": "2025-10-14T09:15:21.139Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2025-10-14T19:03:05.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40773 (GCVE-0-2025-40773)
Vulnerability from nvd – Published: 2025-10-14 09:15 – Updated: 2025-10-14 19:00
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.
Successful exploitation allows an attacker to potentially manipulate data belonging to other users.
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
0 , < V3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:31.582611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:00:40.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.\r\n\r\nSuccessful exploitation allows an attacker to potentially manipulate data belonging to other users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:19.971Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40773",
"datePublished": "2025-10-14T09:15:19.971Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2025-10-14T19:00:40.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40772 (GCVE-0-2025-40772)
Vulnerability from nvd – Published: 2025-10-14 09:15 – Updated: 2025-10-14 19:00
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page.
Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
0 , < V3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:06.441835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:00:19.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page.\r\n\r\nSuccessful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:18.788Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40772",
"datePublished": "2025-10-14T09:15:18.788Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2025-10-14T19:00:19.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31812 (GCVE-0-2022-31812)
Vulnerability from nvd – Published: 2025-05-23 15:03 – Updated: 2025-05-23 17:01
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
0 , < V2.95.3.18
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T17:01:12.871336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T17:01:19.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.95.3.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T15:03:39.864Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-041082.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31812",
"datePublished": "2025-05-23T15:03:39.864Z",
"dateReserved": "2022-05-30T10:21:52.588Z",
"dateUpdated": "2025-05-23T17:01:19.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31810 (GCVE-0-2022-31810)
Vulnerability from nvd – Published: 2023-07-11 09:07 – Updated: 2025-03-05 18:54
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
All versions < V2.90.3.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:55.893124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:54:24.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.90.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.\r\n\r\nThis could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:03.150Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31810",
"datePublished": "2023-07-11T09:07:03.150Z",
"dateReserved": "2022-05-30T10:21:52.587Z",
"dateUpdated": "2025-03-05T18:54:24.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40774 (GCVE-0-2025-40774)
Vulnerability from cvelistv5 – Published: 2025-10-14 09:15 – Updated: 2025-10-14 19:03
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.
Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.
Severity ?
4.4 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
0 , < V3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:56.197262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:03:05.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.\r\n\r\nSuccessful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:21.139Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40774",
"datePublished": "2025-10-14T09:15:21.139Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2025-10-14T19:03:05.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40773 (GCVE-0-2025-40773)
Vulnerability from cvelistv5 – Published: 2025-10-14 09:15 – Updated: 2025-10-14 19:00
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.
Successful exploitation allows an attacker to potentially manipulate data belonging to other users.
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
0 , < V3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:31.582611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:00:40.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request.\r\n\r\nSuccessful exploitation allows an attacker to potentially manipulate data belonging to other users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:19.971Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40773",
"datePublished": "2025-10-14T09:15:19.971Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2025-10-14T19:00:40.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40772 (GCVE-0-2025-40772)
Vulnerability from cvelistv5 – Published: 2025-10-14 09:15 – Updated: 2025-10-14 19:00
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page.
Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
0 , < V3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T19:00:06.441835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:00:19.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page.\r\n\r\nSuccessful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T09:15:18.788Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-599451.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40772",
"datePublished": "2025-10-14T09:15:18.788Z",
"dateReserved": "2025-04-16T08:39:30.033Z",
"dateUpdated": "2025-10-14T19:00:19.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31812 (GCVE-0-2022-31812)
Vulnerability from cvelistv5 – Published: 2025-05-23 15:03 – Updated: 2025-05-23 17:01
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
0 , < V2.95.3.18
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T17:01:12.871336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T17:01:19.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.95.3.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T15:03:39.864Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-041082.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31812",
"datePublished": "2025-05-23T15:03:39.864Z",
"dateReserved": "2022-05-30T10:21:52.588Z",
"dateUpdated": "2025-05-23T17:01:19.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31810 (GCVE-0-2022-31810)
Vulnerability from cvelistv5 – Published: 2023-07-11 09:07 – Updated: 2025-03-05 18:54
VLAI?
Summary
A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.
This could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiPass integrated |
Affected:
All versions < V2.90.3.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:55.893124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:54:24.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiPass integrated",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.90.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiPass integrated (All versions \u003c V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.\r\n\r\nThis could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T09:07:03.150Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-31810",
"datePublished": "2023-07-11T09:07:03.150Z",
"dateReserved": "2022-05-30T10:21:52.587Z",
"dateUpdated": "2025-03-05T18:54:24.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}