    36 vulnerabilities found for mysql_connectors by oracle

    CVE-2025-30714 (GCVE-0-2025-30714)

    Vulnerability from nvd – Published: 2025-04-15 20:31 – Updated: 2025-04-16 15:39
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data.
    • CWE-284 - Improper Access Control
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 9.0.0 , ≤ 9.2.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30714",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T14:08:18.695678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T15:39:33.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.0",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:oracle:mysql_connector\\/python:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "9.2.0",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python).  Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-15T20:31:11.528Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2025-30714",
        "datePublished": "2025-04-15T20:31:11.528Z",
        "dateReserved": "2025-03-25T20:11:18.268Z",
        "dateUpdated": "2025-04-16T15:39:33.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-30706 (GCVE-0-2025-30706)

    Vulnerability from nvd – Published: 2025-04-15 20:31 – Updated: 2026-02-26 18:28
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.
    • CWE-276 - Incorrect Default Permissions
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 9.0.0 , ≤ 9.2.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30706",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T03:55:26.711972Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:20.627Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-19T00:11:11.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250418-0007/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.0",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "9.2.0",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).  Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-15T20:31:08.449Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2025-30706",
        "datePublished": "2025-04-15T20:31:08.449Z",
        "dateReserved": "2025-03-25T20:11:18.266Z",
        "dateUpdated": "2026-02-26T18:28:20.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-21262 (GCVE-0-2024-21262)

    Vulnerability from nvd – Published: 2024-10-15 19:52 – Updated: 2025-11-03 21:53
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors.
    • CWE-863 - Incorrect Authorization
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: * , ≤ 9.0.0 (custom)
        cpe:2.3:a:oracle:mysql_connector\/odbc:9.0.0_and_prior:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:30:13.338077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T15:01:44.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:53:24.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20241025-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:oracle:mysql_connector\\/odbc:9.0.0_and_prior:*:*:*:*:*:*:*"
              ],
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC).  Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-15T19:52:54.911Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2024-21262",
        "datePublished": "2024-10-15T19:52:54.911Z",
        "dateReserved": "2023-12-07T22:28:10.702Z",
        "dateUpdated": "2025-11-03T21:53:24.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-21971 (GCVE-0-2023-21971)

    Vulnerability from nvd – Published: 2023-04-18 19:54 – Updated: 2024-09-16 15:11
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data.
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 8.0.32 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:59:28.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
              },
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230427-0010/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T14:38:46.017713Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T15:11:09.529Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.32 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).  Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and  unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and  unauthorized read access to a subset of MySQL Connectors accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-18T21:05:03.780Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
            },
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230427-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2023-21971",
        "datePublished": "2023-04-18T19:54:35.372Z",
        "dateReserved": "2022-12-17T19:26:00.735Z",
        "dateUpdated": "2024-09-16T15:11:09.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21824 (GCVE-0-2022-21824)

    Vulnerability from nvd – Published: 2022-02-24 00:00 – Updated: 2025-04-30 22:24
    Summary
    Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.
    Severity
    No CVSS data available.
    CWE
    • CWE-471 - Modification of Assumed-Immutable Data (MAID) (CWE-471)
    Impacted products
    Vendor Product Version
    NodeJS Node Affected: 4.0 , < 4.* (semver)
    Affected: 5.0 , < 5.* (semver)
    Affected: 6.0 , < 6.* (semver)
    Affected: 7.0 , < 7.* (semver)
    Affected: 8.0 , < 8.* (semver)
    Affected: 9.0 , < 9.* (semver)
    Affected: 10.0 , < 10.* (semver)
    Affected: 11.0 , < 11.* (semver)
    Affected: 12.0 , < 12.22.9 (semver)
    Affected: 13.0 , < 13.* (semver)
    Affected: 14.0 , < 14.18.3 (semver)
    Affected: 15.0 , < 15.* (semver)
    Affected: 16.0 , < 16.13.2 (semver)
    Affected: 17.0 , < 17.3.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:53:36.314Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1431042"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
              },
              {
                "name": "DSA-5170",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5170"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
              },
              {
                "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Node",
              "vendor": "NodeJS",
              "versions": [
                {
                  "lessThan": "4.*",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.*",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.*",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.*",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.*",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.*",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.22.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.*",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.18.3",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "15.*",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.13.2",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "17.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-471",
                  "description": "Modification of Assumed-Immutable Data (MAID) (CWE-471)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-30T22:24:41.602Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
            },
            {
              "url": "https://hackerone.com/reports/1431042"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
            },
            {
              "name": "DSA-5170",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5170"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
            },
            {
              "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2022-21824",
        "datePublished": "2022-02-24T00:00:00.000Z",
        "dateReserved": "2021-12-10T00:00:00.000Z",
        "dateUpdated": "2025-04-30T22:24:41.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44533 (GCVE-0-2021-44533)

    Vulnerability from nvd – Published: 2022-02-24 18:27 – Updated: 2025-04-30 22:24
    VLAI
    Summary
    Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
    Severity
    No CVSS data available.
    CWE
    • CWE-295 - Improper Certificate Validation (CWE-295)
    Assigner
    Impacted products
    Vendor Product Version
    NodeJS Node Affected: 4.0 , < 4.* (semver)
    Affected: 5.0 , < 5.* (semver)
    Affected: 6.0 , < 6.* (semver)
    Affected: 7.0 , < 7.* (semver)
    Affected: 8.0 , < 8.* (semver)
    Affected: 9.0 , < 9.* (semver)
    Affected: 10.0 , < 10.* (semver)
    Affected: 11.0 , < 11.* (semver)
    Affected: 12.0 , < 12.22.9 (semver)
    Affected: 13.0 , < 13.* (semver)
    Affected: 14.0 , < 14.18.3 (semver)
    Affected: 15.0 , < 15.* (semver)
    Affected: 16.0 , < 16.13.2 (semver)
    Affected: 17.0 , < 17.3.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:25:16.822Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1429694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
              },
              {
                "name": "DSA-5170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Node",
              "vendor": "NodeJS",
              "versions": [
                {
                  "lessThan": "4.*",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.*",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.*",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.*",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.*",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.*",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.22.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.*",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.18.3",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "15.*",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.13.2",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "17.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node\u0027s ambiguous presentation of certificate subjects may be vulnerable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Improper Certificate Validation (CWE-295)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-30T22:24:40.708Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1429694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
            },
            {
              "name": "DSA-5170",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2021-44533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "https://github.com/nodejs/node",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in 12.22.9, 14.18.3, 16.13.2, 17.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node\u0027s ambiguous presentation of certificate subjects may be vulnerable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Certificate Validation (CWE-295)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1429694",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1429694"
                },
                {
                  "name": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
                  "refsource": "MISC",
                  "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220325-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
                },
                {
                  "name": "DSA-5170",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5170"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2021-44533",
        "datePublished": "2022-02-24T18:27:02.000Z",
        "dateReserved": "2021-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-30T22:24:40.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44532 (GCVE-0-2021-44532)

    Vulnerability from nvd – Published: 2022-02-24 18:27 – Updated: 2025-04-30 22:24
    VLAI
    Summary
    Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints. Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
    Severity
    No CVSS data available.
    CWE
    • CWE-296 - Improper Following of a Certificate's Chain of Trust (CWE-296)
    Assigner
    Impacted products
    Vendor Product Version
    NodeJS Node Affected: 4.0 , < 4.* (semver)
    Affected: 5.0 , < 5.* (semver)
    Affected: 6.0 , < 6.* (semver)
    Affected: 7.0 , < 7.* (semver)
    Affected: 8.0 , < 8.* (semver)
    Affected: 9.0 , < 9.* (semver)
    Affected: 10.0 , < 10.* (semver)
    Affected: 11.0 , < 11.* (semver)
    Affected: 12.0 , < 12.22.9 (semver)
    Affected: 13.0 , < 13.* (semver)
    Affected: 14.0 , < 14.18.3 (semver)
    Affected: 15.0 , < 15.* (semver)
    Affected: 16.0 , < 16.13.2 (semver)
    Affected: 17.0 , < 17.3.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:25:16.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1429694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
              },
              {
                "name": "DSA-5170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Node",
              "vendor": "NodeJS",
              "versions": [
                {
                  "lessThan": "4.*",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.*",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.*",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.*",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.*",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.*",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.22.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.*",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.18.3",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "15.*",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.13.2",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "17.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-296",
                  "description": "Improper Following of a Certificate\u0027s Chain of Trust (CWE-296)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-30T22:24:39.850Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1429694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
            },
            {
              "name": "DSA-5170",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2021-44532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "https://github.com/nodejs/node",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in 12.22.9, 14.18.3, 16.13.2, 17.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Following of a Certificate\u0027s Chain of Trust (CWE-296)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1429694",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1429694"
                },
                {
                  "name": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
                  "refsource": "MISC",
                  "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220325-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
                },
                {
                  "name": "DSA-5170",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5170"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2021-44532",
        "datePublished": "2022-02-24T18:27:01.000Z",
        "dateReserved": "2021-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-30T22:24:39.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44531 (GCVE-0-2021-44531)

    Vulnerability from nvd – Published: 2022-02-24 18:27 – Updated: 2025-04-30 22:24
    VLAI
    Summary
    Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
    Severity
    No CVSS data available.
    CWE
    • CWE-295 - Improper Certificate Validation (CWE-295)
    Assigner
    Impacted products
    Vendor Product Version
    NodeJS Node Affected: 4.0 , < 4.* (semver)
    Affected: 5.0 , < 5.* (semver)
    Affected: 6.0 , < 6.* (semver)
    Affected: 7.0 , < 7.* (semver)
    Affected: 8.0 , < 8.* (semver)
    Affected: 9.0 , < 9.* (semver)
    Affected: 10.0 , < 10.* (semver)
    Affected: 11.0 , < 11.* (semver)
    Affected: 12.0 , < 12.22.9 (semver)
    Affected: 13.0 , < 13.* (semver)
    Affected: 14.0 , < 14.18.3 (semver)
    Affected: 15.0 , < 15.* (semver)
    Affected: 16.0 , < 16.13.2 (semver)
    Affected: 17.0 , < 17.3.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:25:16.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1429694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
              },
              {
                "name": "DSA-5170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Node",
              "vendor": "NodeJS",
              "versions": [
                {
                  "lessThan": "4.*",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.*",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.*",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.*",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.*",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.*",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.22.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.*",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.18.3",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "15.*",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.13.2",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "17.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Improper Certificate Validation (CWE-295)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-30T22:24:39.015Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1429694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
            },
            {
              "name": "DSA-5170",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2021-44531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "https://github.com/nodejs/node",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in 12.22.9, 14.18.3, 16.13.2, 17.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Certificate Validation (CWE-295)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1429694",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1429694"
                },
                {
                  "name": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
                  "refsource": "MISC",
                  "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220325-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
                },
                {
                  "name": "DSA-5170",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5170"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2021-44531",
        "datePublished": "2022-02-24T18:27:00.000Z",
        "dateReserved": "2021-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-30T22:24:39.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21363 (GCVE-0-2022-21363)

    Vulnerability from nvd – Published: 2022-01-19 11:25 – Updated: 2024-09-24 20:18
    VLAI
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 8.0.27 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:38:55.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T17:38:01.377149Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T20:18:47.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.27 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-19T11:25:43.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2022-21363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MySQL Connectors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.27 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.6",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2022-21363",
        "datePublished": "2022-01-19T11:25:44.000Z",
        "dateReserved": "2021-11-15T00:00:00.000Z",
        "dateUpdated": "2024-09-24T20:18:47.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-2471 (GCVE-0-2021-2471)

    Vulnerability from nvd – Published: 2021-10-20 10:49 – Updated: 2024-09-25 19:39
    VLAI
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.
    Assigner
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 8.0.26 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:45:50.684Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-2471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T19:15:14.455458Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T19:39:53.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.26 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T20:36:38.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2021-2471",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MySQL Connectors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.26 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.9",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2021-2471",
        "datePublished": "2021-10-20T10:49:38.000Z",
        "dateReserved": "2020-12-09T00:00:00.000Z",
        "dateUpdated": "2024-09-25T19:39:53.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3712 (GCVE-0-2021-3712)

    Vulnerability from nvd – Published: 2021-08-24 14:50 – Updated: 2026-04-16 14:11
    Title
    Read buffer overruns processing ASN.1 strings
    Summary
    ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Buffer overflow
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)
    Affected: Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)
    Siemens BFCClient Affected: 0 , < V2.17 (custom)
    Siemens Industrial Edge - Machine Insight App Affected: 0 , < * (custom)
    Siemens Industrial Edge - PROFINET IO Connector Affected: All versions < V1.1.1
    Siemens RUGGEDCOM RM1224 LTE(4G) EU Affected: All versions < V7.1
    Siemens RUGGEDCOM RM1224 LTE(4G) NAM Affected: All versions < V7.1
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.15.0 (custom)
    Siemens SCALANCE M804PB Affected: All versions < V7.1
    Siemens SCALANCE M812-1 ADSL-Router Affected: All versions < V7.1
    Siemens SCALANCE M816-1 ADSL-Router Affected: All versions < V7.1
    Siemens SCALANCE M826-2 SHDSL-Router Affected: All versions < V7.1
    Siemens SCALANCE M874-2 Affected: All versions < V7.1
    Siemens SCALANCE M874-3 Affected: All versions < V7.1
    Siemens SCALANCE M876-3 Affected: All versions < V7.1
    Siemens SCALANCE M876-3 (ROK) Affected: All versions < V7.1
    Siemens SCALANCE M876-4 (EU) Affected: All versions < V7.1
    Siemens SCALANCE M876-4 (NAM) Affected: All versions < V7.1
    Siemens SCALANCE MUM853-1 (EU) Affected: 0 , < V7.1 (custom)
    Siemens SCALANCE MUM856-1 (EU) Affected: 0 , < V7.1 (custom)
    Siemens SCALANCE MUM856-1 (RoW) Affected: 0 , < V7.1 (custom)
    Siemens SCALANCE S615 LAN-Router Affected: All versions < V7.1
    Siemens SCALANCE SC622-2C Affected: All versions < V2.3
    Siemens SCALANCE SC632-2C Affected: All versions < V2.3
    Siemens SCALANCE SC636-2C Affected: All versions < V2.3
    Siemens SCALANCE SC642-2C Affected: All versions < V2.3
    Siemens SCALANCE SC646-2C Affected: All versions < V2.3
    Siemens SCALANCE W1748-1 M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W1788-1 M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W1788-2 EEC M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W1788-2 M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W1788-2IA M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W721-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W722-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W734-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W734-1 RJ45 (USA) Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W738-1 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W748-1 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W748-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W761-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W774-1 M12 EEC Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W774-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W774-1 RJ45 (USA) Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W778-1 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W778-1 M12 EEC Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W778-1 M12 EEC (USA) Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W786-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W786-2 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W786-2 SFP Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W786-2IA RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-1 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-2 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-2 M12 EEC Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-2 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE WAM766-1 Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WAM766-1 (US) Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WAM766-1 EEC Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WAM766-1 EEC (US) Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WUM766-1 Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WUM766-1 (USA) Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE X200-4P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X201-3P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X201-3P IRT PRO Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X202-2IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X202-2P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X202-2P IRT PRO Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X204-2 Affected: All versions < V5.2.6
    Siemens SCALANCE X204-2FM Affected: All versions < V5.2.6
    Siemens SCALANCE X204-2LD Affected: All versions < V5.2.6
    Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.6
    Siemens SCALANCE X204-2TS Affected: All versions < V5.2.6
    Siemens SCALANCE X204IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X204IRT PRO Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X206-1 Affected: All versions < V5.2.6
    Siemens SCALANCE X206-1LD Affected: All versions < V5.2.6
    Siemens SCALANCE X208 Affected: All versions < V5.2.6
    Siemens SCALANCE X208PRO Affected: All versions < V5.2.6
    Siemens SCALANCE X212-2 Affected: All versions < V5.2.6
    Siemens SCALANCE X212-2LD Affected: All versions < V5.2.6
    Siemens SCALANCE X216 Affected: All versions < V5.2.6
    Siemens SCALANCE X224 Affected: All versions < V5.2.6
    Siemens SCALANCE X302-7 EEC (230V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (230V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (24V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (2x 230V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (2x 230V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (2x 24V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (2x 24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X304-2FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X306-1LD FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (230V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (230V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (24V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (2x 230V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (2x 230V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (2x 24V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (2x 24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-3 Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-3LD Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2 Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2LD Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2LH Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2LH+ Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2M Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2M PoE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2M TS Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X310 Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X310FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X320-1 FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X320-1-2LD FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X408-2 Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XF201-3P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE XF202-2P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE XF204 Affected: All versions < V5.2.6
    Siemens SCALANCE XF204-2 Affected: All versions < V5.2.6
    Siemens SCALANCE XF204-2BA IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE XF204IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE XF206-1 Affected: All versions < V5.2.6
    Siemens SCALANCE XF208 Affected: All versions < V5.2.6
    Siemens SCALANCE XR324-12M (230V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-12M (230V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-12M (24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-12M (24V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-12M TS (24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (24V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE (230V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE (230V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE (24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE (24V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE TS (24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SIMATIC CP 1242-7 V2 Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1243-1 Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1243-7 LTE EU Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1243-7 LTE US Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1243-8 IRC Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1542SP-1 Affected: 0 , < V2.2.28 (custom)
    Siemens SIMATIC CP 1543-1 Affected: All versions < V3.0.22
    Siemens SIMATIC CP 1543SP-1 Affected: 0 , < V2.2.28 (custom)
    Siemens SIMATIC CP 1545-1 Affected: All versions < V1.1
    Siemens SIMATIC PCS neo (Administration Console) Affected: 0 , < V3.1.1 (custom)
    Siemens SIMATIC Process Historian OPC UA Server Affected: 0 , < V2020 SP1 (custom)
    Siemens SIMATIC S7-1200 CPU 1211C AC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1211C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1211C DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212C AC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212C DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214C AC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214C DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215C AC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215C DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1217C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SINEC NMS Affected: 0 , < V1.0 SP3 (custom)
    Siemens SINEMA Remote Connect Server Affected: 0 , < V3.1 (custom)
    Siemens SINEMA Server V14 Affected: 0 , < * (custom)
    Siemens SINUMERIK Operate Affected: All versions < V4.95 SP1
    Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC Affected: 0 , < V2.2.28 (custom)
    Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL Affected: 0 , < V2.2.28 (custom)
    Siemens SIPLUS NET CP 1242-7 V2 Affected: All versions < V3.3.46
    Siemens SIPLUS NET CP 1543-1 Affected: All versions < V3.0.22
    Siemens SIPLUS NET SCALANCE X308-2 Affected: 0 , < V4.1.4 (custom)
    Siemens SIPLUS S7-1200 CP 1243-1 Affected: All versions < V3.3.46
    Siemens SIPLUS S7-1200 CP 1243-1 RAIL Affected: All versions < V3.3.46
    Siemens SIPLUS S7-1200 CPU 1212 AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1212C AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214C AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214C DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215C AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens TIA Administrator Affected: 0 , < V1.0.7 (custom)
    Date Public
    2021-08-24 00:00
    Credits
    Ingo Schwarze

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:08.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20210824.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
              },
              {
                "name": "DSA-4963",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4963"
              },
              {
                "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
              },
              {
                "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
              },
              {
                "name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2022-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
              },
              {
                "name": "GLSA-202209-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202209-02"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "BFCClient",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "Industrial Edge - Machine Insight App",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "Industrial Edge - PROFINET IO Connector",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V1.1.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RM1224 LTE(4G) EU",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M804PB",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M812-1 ADSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M812-1 ADSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M816-1 ADSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M816-1 ADSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M826-2 SHDSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M874-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M874-3",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M876-3",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M876-3 (ROK)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M876-4 (EU)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M876-4 (NAM)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE MUM853-1 (EU)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V7.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE MUM856-1 (EU)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V7.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE MUM856-1 (RoW)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V7.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE S615 LAN-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC622-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC632-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC636-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC642-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC646-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1788-2 EEC M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1788-2IA M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W721-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W721-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W721-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W721-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W738-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W738-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W738-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W738-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W761-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W761-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W761-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W761-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12 EEC (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12 EEC (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 SFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 SFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 SFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 SFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2IA RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2IA RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2IA RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2IA RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WAM766-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WAM766-1 (US)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WAM766-1 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WAM766-1 EEC (US)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WUM766-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WUM766-1 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X200-4P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X201-3P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X201-3P IRT PRO",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X202-2IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X202-2P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X202-2P IRT PRO",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2FM",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2LD TS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2TS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204IRT PRO",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X206-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X206-1LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X208",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X208PRO",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X212-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X212-2LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X216",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X224",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (230V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (230V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (24V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (2x 230V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (2x 230V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (2x 24V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (2x 24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X304-2FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X306-1LD FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (230V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (230V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (24V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (2x 230V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (2x 230V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (2x 24V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (2x 24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-3",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-3",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-3LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-3LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LH",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LH",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LH+",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LH+",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M PoE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M PoE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M TS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M TS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X310",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X310",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X310FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X310FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X320-1 FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X320-1-2LD FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X408-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF201-3P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF202-2P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF204",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF204-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF204-2BA IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF204IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF206-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF208",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (230V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (230V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (230V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (230V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M TS (24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M TS (24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE (230V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1242-7 V2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1243-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1243-7 LTE EU",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1243-7 LTE US",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1243-8 IRC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1542SP-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.2.28",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1543-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.0.22"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1543SP-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.2.28",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1545-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V1.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC PCS neo (Administration Console)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC Process Historian OPC UA Server",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2020 SP1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1211C AC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1211C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1211C DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212C AC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212C DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212FC DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214C AC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214C DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214FC DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215C AC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215C DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215FC DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1217C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEC NMS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.0 SP3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEMA Remote Connect Server",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEMA Server V14",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINUMERIK Operate",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c  V4.95 SP1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.2.28",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.2.28",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS NET CP 1242-7 V2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS NET CP 1543-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.0.22"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS NET SCALANCE X308-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CP 1243-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CP 1243-1 RAIL",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212 AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212C AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214 AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214FC DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215C AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "TIA Administrator",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.0.7",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T08:57:51.339Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-244969.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-389290.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-028723.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3712",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T14:11:09.557845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T14:11:16.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ingo Schwarze"
            }
          ],
          "datePublic": "2021-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
                  "value": "Moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:07:21.902Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20210824.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
            },
            {
              "name": "DSA-4963",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4963"
            },
            {
              "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
            },
            {
              "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
            },
            {
              "name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-16"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2022-02"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
            },
            {
              "name": "GLSA-202209-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202209-02"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ],
          "title": "Read buffer overruns processing ASN.1 strings"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2021-3712",
        "datePublished": "2021-08-24T14:50:14.704Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2026-04-16T14:11:16.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-3711 (GCVE-0-2021-3711)

    Vulnerability from nvd – Published: 2021-08-24 14:50 – Updated: 2024-09-16 18:29
    Title
    SM2 Decryption Buffer Overflow
    Summary
    In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)
    Date Public
    2021-08-24 00:00
    Credits
    John Ouyang

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:08.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20210824.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
              },
              {
                "name": "DSA-4963",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4963"
              },
              {
                "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
              },
              {
                "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2022-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
              },
              {
                "name": "GLSA-202209-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202209-02"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "John Ouyang"
            }
          ],
          "datePublic": "2021-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#High",
                  "value": "High"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:07:59.573Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20210824.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
            },
            {
              "name": "DSA-4963",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4963"
            },
            {
              "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
            },
            {
              "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-16"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
            },
            {
              "url": "https://www.tenable.com/security/tns-2022-02"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "name": "GLSA-202209-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202209-02"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ],
          "title": "SM2 Decryption Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2021-3711",
        "datePublished": "2021-08-24T14:50:13.114Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:29:03.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3450 (GCVE-0-2021-3450)

    Vulnerability from nvd – Published: 2021-03-25 14:25 – Updated: 2024-09-17 03:07
    Title
    CA certificate check bypass with X509_V_FLAG_X509_STRICT
    Summary
    The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
    Severity
    No CVSS data available.
    CWE
    • Invalid Certificate Verification
    Assigner
    References
    URL Tags
    https://www.openssl.org/news/secadv/20210325.txt x_refsource_CONFIRM
    https://git.openssl.org/gitweb/?p=openssl.git%3Ba… x_refsource_CONFIRM
    https://tools.cisco.com/security/center/content/C… vendor-advisory, x_refsource_CISCO
    http://www.openwall.com/lists/oss-security/2021/03/27/1 mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2021/03/27/2 mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2021/03/28/3 mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2021/03/28/4 mailing-list, x_refsource_MLIST
    https://security.gentoo.org/glsa/202103-03 vendor-advisory, x_refsource_GENTOO
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2021-09 x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2021032… x_refsource_CONFIRM
    https://security.FreeBSD.org/advisories/FreeBSD-S… x_refsource_MISC
    https://www.tenable.com/security/tns-2021-05 x_refsource_CONFIRM
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    https://www.tenable.com/security/tns-2021-08 x_refsource_CONFIRM
    https://mta.openssl.org/pipermail/openssl-announc… x_refsource_MISC
    https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
    https://kb.pulsesecure.net/articles/Pulse_Securit… x_refsource_CONFIRM
    https://psirt.global.sonicwall.com/vuln-detail/SN… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)
    Date Public
    2021-03-25 00:00
    Credits
    Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20210325.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
              },
              {
                "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
              },
              {
                "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
              },
              {
                "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
              },
              {
                "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
              },
              {
                "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
              },
              {
                "name": "GLSA-202103-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202103-03"
              },
              {
                "name": "FEDORA-2021-cbf14ab8f9",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-09"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-05"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-08"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai"
            }
          ],
          "datePublic": "2021-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#High",
                  "value": "High"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Invalid Certificate Verification",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:35:11.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.openssl.org/news/secadv/20210325.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
            },
            {
              "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
            },
            {
              "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
            },
            {
              "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
            },
            {
              "name": "GLSA-202103-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202103-03"
            },
            {
              "name": "FEDORA-2021-cbf14ab8f9",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-09"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-05"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-08"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "title": "CA certificate check bypass with X509_V_FLAG_X509_STRICT",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "openssl-security@openssl.org",
              "DATE_PUBLIC": "2021-03-25",
              "ID": "CVE-2021-3450",
              "STATE": "PUBLIC",
              "TITLE": "CA certificate check bypass with X509_V_FLAG_X509_STRICT"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OpenSSL",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OpenSSL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)."
                }
              ]
            },
            "impact": [
              {
                "lang": "eng",
                "url": "https://www.openssl.org/policies/secpolicy.html#High",
                "value": "High"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Invalid Certificate Verification"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openssl.org/news/secadv/20210325.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.openssl.org/news/secadv/20210325.txt"
                },
                {
                  "name": "https://www.openssl.org/news/secadv/20210325.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.openssl.org/news/secadv/20210325.txt"
                },
                {
                  "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b",
                  "refsource": "CONFIRM",
                  "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
                },
                {
                  "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
                },
                {
                  "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
                },
                {
                  "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
                },
                {
                  "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
                },
                {
                  "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
                },
                {
                  "name": "GLSA-202103-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202103-03"
                },
                {
                  "name": "FEDORA-2021-cbf14ab8f9",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-09",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-09"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210326-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
                },
                {
                  "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc",
                  "refsource": "MISC",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-05",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-05"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-08",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-08"
                },
                {
                  "name": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html",
                  "refsource": "MISC",
                  "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845",
                  "refsource": "CONFIRM",
                  "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
                },
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2021-3450",
        "datePublished": "2021-03-25T14:25:14.287Z",
        "dateReserved": "2021-03-19T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:07:10.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3449 (GCVE-0-2021-3449)

    Vulnerability from nvd – Published: 2021-03-25 14:25 – Updated: 2024-09-17 03:43
    Title
    NULL pointer deref in signature_algorithms processing
    Summary
    An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
    Severity
    No CVSS data available.
    CWE
    • NULL pointer dereference
    Assigner
    References
    URL Tags
    https://www.openssl.org/news/secadv/20210325.txt
    https://git.openssl.org/gitweb/?p=openssl.git%3Ba…
    https://tools.cisco.com/security/center/content/C… vendor-advisory
    https://www.debian.org/security/2021/dsa-4875 vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/03/27/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/03/27/2 mailing-list
    http://www.openwall.com/lists/oss-security/2021/03/28/3 mailing-list
    http://www.openwall.com/lists/oss-security/2021/03/28/4 mailing-list
    https://security.gentoo.org/glsa/202103-03 vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://www.oracle.com/security-alerts/cpuApr2021.html
    https://www.tenable.com/security/tns-2021-10
    https://www.tenable.com/security/tns-2021-09
    https://security.netapp.com/advisory/ntap-2021051…
    https://security.netapp.com/advisory/ntap-2021032…
    https://security.FreeBSD.org/advisories/FreeBSD-S…
    https://www.tenable.com/security/tns-2021-06
    https://www.tenable.com/security/tns-2021-05
    https://kc.mcafee.com/corporate/index?page=conten…
    https://www.oracle.com//security-alerts/cpujul2021.html
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://psirt.global.sonicwall.com/vuln-detail/SN…
    https://lists.debian.org/debian-lts-announce/2021… mailing-list
    https://www.oracle.com/security-alerts/cpuoct2021.html
    https://www.oracle.com/security-alerts/cpuapr2022.html
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://www.oracle.com/security-alerts/cpujul2022.html
    https://security.netapp.com/advisory/ntap-2024062…
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)
    Date Public
    2021-03-25 00:00
    Credits
    Peter Kästle (Nokia) and Samuel Sapalski (Nokia)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20210325.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
              },
              {
                "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
              },
              {
                "name": "DSA-4875",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4875"
              },
              {
                "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
              },
              {
                "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
              },
              {
                "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
              },
              {
                "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
              },
              {
                "name": "GLSA-202103-03",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202103-03"
              },
              {
                "name": "FEDORA-2021-cbf14ab8f9",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-06"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-05"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
              },
              {
                "name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Peter K\u00e4stle (Nokia) and Samuel Sapalski (Nokia)"
            }
          ],
          "datePublic": "2021-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#High",
                  "value": "High"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NULL pointer dereference",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:05:57.096Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20210325.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
            },
            {
              "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
            },
            {
              "name": "DSA-4875",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4875"
            },
            {
              "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
            },
            {
              "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
            },
            {
              "name": "GLSA-202103-03",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202103-03"
            },
            {
              "name": "FEDORA-2021-cbf14ab8f9",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-09"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
            },
            {
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-06"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-05"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
            },
            {
              "name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ],
          "title": "NULL pointer deref in signature_algorithms processing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2021-3449",
        "datePublished": "2021-03-25T14:25:13.659Z",
        "dateReserved": "2021-03-17T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:55.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1967 (GCVE-0-2020-1967)

    Vulnerability from nvd – Published: 2020-04-21 13:45 – Updated: 2024-09-17 03:13
    Title
    Segmentation fault in SSL_check_chain
    Summary
    Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
    Severity
    No CVSS data available.
    CWE
    • NULL pointer dereference
    Assigner
    References
    URL Tags
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory, x_refsource_FREEBSD
    https://www.debian.org/security/2020/dsa-4661 vendor-advisory, x_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2020/04/22/2 mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r9a41e304992… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r66ea9c436da… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r94d6ac3f010… mailing-list, x_refsource_MLIST
    https://security.gentoo.org/glsa/202004-10 vendor-advisory, x_refsource_GENTOO
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    http://seclists.org/fulldisclosure/2020/May/5 mailing-list, x_refsource_FULLDISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-03 x_refsource_CONFIRM
    https://www.openssl.org/news/secadv/20200421.txt x_refsource_CONFIRM
    https://git.openssl.org/gitweb/?p=openssl.git%3Ba… x_refsource_CONFIRM
    https://kb.pulsesecure.net/articles/Pulse_Securit… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2020042… x_refsource_CONFIRM
    https://www.synology.com/security/advisory/Synolo… x_refsource_CONFIRM
    https://github.com/irsl/CVE-2020-1967 x_refsource_MISC
    http://packetstormsecurity.com/files/157527/OpenS… x_refsource_MISC
    https://www.synology.com/security/advisory/Synolo… x_refsource_CONFIRM
    https://www.tenable.com/security/tns-2020-04 x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2020071… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-11 x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2021-10 x_refsource_CONFIRM
    https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)
    Date Public
    2020-04-21 00:00
    Credits
    Bernd Edlinger

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FreeBSD-SA-20:11",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
              },
              {
                "name": "DSA-4661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4661"
              },
              {
                "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
              },
              {
                "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "GLSA-202004-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202004-10"
              },
              {
                "name": "FEDORA-2020-fcc91a28e8",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
              },
              {
                "name": "FEDORA-2020-da2d1ef2d7",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
              },
              {
                "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/May/5"
              },
              {
                "name": "FEDORA-2020-d7b29838f6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
              },
              {
                "name": "openSUSE-SU-2020:0933",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2020:0945",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-03"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20200421.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/irsl/CVE-2020-1967"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-04"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-11"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bernd Edlinger"
            }
          ],
          "datePublic": "2020-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#High",
                  "value": "High"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NULL pointer dereference",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:39:19.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "name": "FreeBSD-SA-20:11",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
            },
            {
              "name": "DSA-4661",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4661"
            },
            {
              "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
            },
            {
              "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "GLSA-202004-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202004-10"
            },
            {
              "name": "FEDORA-2020-fcc91a28e8",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
            },
            {
              "name": "FEDORA-2020-da2d1ef2d7",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
            },
            {
              "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/May/5"
            },
            {
              "name": "FEDORA-2020-d7b29838f6",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
            },
            {
              "name": "openSUSE-SU-2020:0933",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2020:0945",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2020-03"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.openssl.org/news/secadv/20200421.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/irsl/CVE-2020-1967"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2020-04"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "title": "Segmentation fault in SSL_check_chain",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "openssl-security@openssl.org",
              "DATE_PUBLIC": "2020-04-21",
              "ID": "CVE-2020-1967",
              "STATE": "PUBLIC",
              "TITLE": "Segmentation fault in SSL_check_chain"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OpenSSL",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OpenSSL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Bernd Edlinger"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
                }
              ]
            },
            "impact": [
              {
                "lang": "eng",
                "url": "https://www.openssl.org/policies/secpolicy.html#High",
                "value": "High"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NULL pointer dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FreeBSD-SA-20:11",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
                },
                {
                  "name": "DSA-4661",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4661"
                },
                {
                  "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
                },
                {
                  "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E"
                },
                {
                  "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E"
                },
                {
                  "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E"
                },
                {
                  "name": "GLSA-202004-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202004-10"
                },
                {
                  "name": "FEDORA-2020-fcc91a28e8",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
                },
                {
                  "name": "FEDORA-2020-da2d1ef2d7",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
                },
                {
                  "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/May/5"
                },
                {
                  "name": "FEDORA-2020-d7b29838f6",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
                },
                {
                  "name": "openSUSE-SU-2020:0933",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
                },
                {
                  "name": "openSUSE-SU-2020:0945",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2020-03",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2020-03"
                },
                {
                  "name": "https://www.openssl.org/news/secadv/20200421.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.openssl.org/news/secadv/20200421.txt"
                },
                {
                  "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1",
                  "refsource": "CONFIRM",
                  "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1"
                },
                {
                  "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440",
                  "refsource": "CONFIRM",
                  "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200424-0003/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
                },
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
                },
                {
                  "name": "https://github.com/irsl/CVE-2020-1967",
                  "refsource": "MISC",
                  "url": "https://github.com/irsl/CVE-2020-1967"
                },
                {
                  "name": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
                },
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_20_05",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2020-04",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2020-04"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200717-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2020-11",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2020-11"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-10"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2020-1967",
        "datePublished": "2020-04-21T13:45:15.136Z",
        "dateReserved": "2019-12-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:46.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-30714 (GCVE-0-2025-30714)

    Vulnerability from cvelistv5 – Published: 2025-04-15 20:31 – Updated: 2025-04-16 15:39
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data.
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 9.0.0 , ≤ 9.2.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30714",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T14:08:18.695678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T15:39:33.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.0",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:oracle:mysql_connector\\/python:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "9.2.0",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python).  Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-15T20:31:11.528Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2025-30714",
        "datePublished": "2025-04-15T20:31:11.528Z",
        "dateReserved": "2025-03-25T20:11:18.268Z",
        "dateUpdated": "2025-04-16T15:39:33.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-30706 (GCVE-0-2025-30706)

    Vulnerability from cvelistv5 – Published: 2025-04-15 20:31 – Updated: 2026-02-26 18:28
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 9.0.0 , ≤ 9.2.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-30706",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T03:55:26.711972Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:20.627Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-19T00:11:11.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250418-0007/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.0",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "9.2.0",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).  Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-15T20:31:08.449Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2025-30706",
        "datePublished": "2025-04-15T20:31:08.449Z",
        "dateReserved": "2025-03-25T20:11:18.266Z",
        "dateUpdated": "2026-02-26T18:28:20.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-21262 (GCVE-0-2024-21262)

    Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2025-11-03 21:53
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors.
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: * , ≤ 9.0.0 (custom)
        cpe:2.3:a:oracle:mysql_connector\/odbc:9.0.0_and_prior:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:30:13.338077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T15:01:44.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:53:24.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20241025-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:oracle:mysql_connector\\/odbc:9.0.0_and_prior:*:*:*:*:*:*:*"
              ],
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC).  Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-15T19:52:54.911Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2024-21262",
        "datePublished": "2024-10-15T19:52:54.911Z",
        "dateReserved": "2023-12-07T22:28:10.702Z",
        "dateUpdated": "2025-11-03T21:53:24.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-21971 (GCVE-0-2023-21971)

    Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2024-09-16 15:11
    VLAI
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data.
    Assigner
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 8.0.32 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:59:28.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
              },
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230427-0010/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T14:38:46.017713Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T15:11:09.529Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.32 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).  Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and  unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as  unauthorized update, insert or delete access to some of MySQL Connectors accessible data and  unauthorized read access to a subset of MySQL Connectors accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-18T21:05:03.780Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
            },
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230427-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2023-21971",
        "datePublished": "2023-04-18T19:54:35.372Z",
        "dateReserved": "2022-12-17T19:26:00.735Z",
        "dateUpdated": "2024-09-16T15:11:09.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44533 (GCVE-0-2021-44533)

    Vulnerability from cvelistv5 – Published: 2022-02-24 18:27 – Updated: 2025-04-30 22:24
    VLAI
    Summary
    Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
    Severity
    No CVSS data available.
    CWE
    • CWE-295 - Improper Certificate Validation (CWE-295)
    Assigner
    Impacted products
    Vendor Product Version
    NodeJS Node Affected: 4.0 , < 4.* (semver)
    Affected: 5.0 , < 5.* (semver)
    Affected: 6.0 , < 6.* (semver)
    Affected: 7.0 , < 7.* (semver)
    Affected: 8.0 , < 8.* (semver)
    Affected: 9.0 , < 9.* (semver)
    Affected: 10.0 , < 10.* (semver)
    Affected: 11.0 , < 11.* (semver)
    Affected: 12.0 , < 12.22.9 (semver)
    Affected: 13.0 , < 13.* (semver)
    Affected: 14.0 , < 14.18.3 (semver)
    Affected: 15.0 , < 15.* (semver)
    Affected: 16.0 , < 16.13.2 (semver)
    Affected: 17.0 , < 17.3.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:25:16.822Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1429694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
              },
              {
                "name": "DSA-5170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Node",
              "vendor": "NodeJS",
              "versions": [
                {
                  "lessThan": "4.*",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.*",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.*",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.*",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.*",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.*",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.22.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.*",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.18.3",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "15.*",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.13.2",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "17.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node\u0027s ambiguous presentation of certificate subjects may be vulnerable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Improper Certificate Validation (CWE-295)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-30T22:24:40.708Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1429694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
            },
            {
              "name": "DSA-5170",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2021-44533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "https://github.com/nodejs/node",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in 12.22.9, 14.18.3, 16.13.2, 17.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node\u0027s ambiguous presentation of certificate subjects may be vulnerable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Certificate Validation (CWE-295)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1429694",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1429694"
                },
                {
                  "name": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
                  "refsource": "MISC",
                  "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220325-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
                },
                {
                  "name": "DSA-5170",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5170"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2021-44533",
        "datePublished": "2022-02-24T18:27:02.000Z",
        "dateReserved": "2021-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-30T22:24:40.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44532 (GCVE-0-2021-44532)

    Vulnerability from cvelistv5 – Published: 2022-02-24 18:27 – Updated: 2025-04-30 22:24
    VLAI
    Summary
    Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints. Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
    Severity
    No CVSS data available.
    CWE
    • CWE-296 - Improper Following of a Certificate's Chain of Trust (CWE-296)
    Assigner
    Impacted products
    Vendor Product Version
    NodeJS Node Affected: 4.0 , < 4.* (semver)
    Affected: 5.0 , < 5.* (semver)
    Affected: 6.0 , < 6.* (semver)
    Affected: 7.0 , < 7.* (semver)
    Affected: 8.0 , < 8.* (semver)
    Affected: 9.0 , < 9.* (semver)
    Affected: 10.0 , < 10.* (semver)
    Affected: 11.0 , < 11.* (semver)
    Affected: 12.0 , < 12.22.9 (semver)
    Affected: 13.0 , < 13.* (semver)
    Affected: 14.0 , < 14.18.3 (semver)
    Affected: 15.0 , < 15.* (semver)
    Affected: 16.0 , < 16.13.2 (semver)
    Affected: 17.0 , < 17.3.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:25:16.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1429694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
              },
              {
                "name": "DSA-5170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Node",
              "vendor": "NodeJS",
              "versions": [
                {
                  "lessThan": "4.*",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.*",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.*",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.*",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.*",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.*",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.22.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.*",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.18.3",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "15.*",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.13.2",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "17.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-296",
                  "description": "Improper Following of a Certificate\u0027s Chain of Trust (CWE-296)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-30T22:24:39.850Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1429694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
            },
            {
              "name": "DSA-5170",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2021-44532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "https://github.com/nodejs/node",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in 12.22.9, 14.18.3, 16.13.2, 17.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Following of a Certificate\u0027s Chain of Trust (CWE-296)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1429694",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1429694"
                },
                {
                  "name": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
                  "refsource": "MISC",
                  "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220325-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
                },
                {
                  "name": "DSA-5170",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5170"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2021-44532",
        "datePublished": "2022-02-24T18:27:01.000Z",
        "dateReserved": "2021-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-30T22:24:39.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44531 (GCVE-0-2021-44531)

    Vulnerability from cvelistv5 – Published: 2022-02-24 18:27 – Updated: 2025-04-30 22:24
    Summary
    Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
    Severity
    No CVSS data available.
    CWE
    • CWE-295 - Improper Certificate Validation (CWE-295)
    Impacted products
    Vendor Product Version
    NodeJS Node Affected: 4.0 , < 4.* (semver)
    Affected: 5.0 , < 5.* (semver)
    Affected: 6.0 , < 6.* (semver)
    Affected: 7.0 , < 7.* (semver)
    Affected: 8.0 , < 8.* (semver)
    Affected: 9.0 , < 9.* (semver)
    Affected: 10.0 , < 10.* (semver)
    Affected: 11.0 , < 11.* (semver)
    Affected: 12.0 , < 12.22.9 (semver)
    Affected: 13.0 , < 13.* (semver)
    Affected: 14.0 , < 14.18.3 (semver)
    Affected: 15.0 , < 15.* (semver)
    Affected: 16.0 , < 16.13.2 (semver)
    Affected: 17.0 , < 17.3.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:25:16.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1429694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
              },
              {
                "name": "DSA-5170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Node",
              "vendor": "NodeJS",
              "versions": [
                {
                  "lessThan": "4.*",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.*",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.*",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.*",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.*",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.*",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.22.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.*",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.18.3",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "15.*",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.13.2",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "17.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Improper Certificate Validation (CWE-295)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-30T22:24:39.015Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/1429694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
            },
            {
              "name": "DSA-5170",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2021-44531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "https://github.com/nodejs/node",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in 12.22.9, 14.18.3, 16.13.2, 17.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Certificate Validation (CWE-295)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/1429694",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/1429694"
                },
                {
                  "name": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
                  "refsource": "MISC",
                  "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220325-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
                },
                {
                  "name": "DSA-5170",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5170"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2021-44531",
        "datePublished": "2022-02-24T18:27:00.000Z",
        "dateReserved": "2021-12-02T00:00:00.000Z",
        "dateUpdated": "2025-04-30T22:24:39.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21824 (GCVE-0-2022-21824)

    Vulnerability from cvelistv5 – Published: 2022-02-24 00:00 – Updated: 2025-04-30 22:24
    Summary
    Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.
    Severity
    No CVSS data available.
    CWE
    • CWE-471 - Modification of Assumed-Immutable Data (MAID) (CWE-471)
    Impacted products
    Vendor Product Version
    NodeJS Node Affected: 4.0 , < 4.* (semver)
    Affected: 5.0 , < 5.* (semver)
    Affected: 6.0 , < 6.* (semver)
    Affected: 7.0 , < 7.* (semver)
    Affected: 8.0 , < 8.* (semver)
    Affected: 9.0 , < 9.* (semver)
    Affected: 10.0 , < 10.* (semver)
    Affected: 11.0 , < 11.* (semver)
    Affected: 12.0 , < 12.22.9 (semver)
    Affected: 13.0 , < 13.* (semver)
    Affected: 14.0 , < 14.18.3 (semver)
    Affected: 15.0 , < 15.* (semver)
    Affected: 16.0 , < 16.13.2 (semver)
    Affected: 17.0 , < 17.3.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:53:36.314Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1431042"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
              },
              {
                "name": "DSA-5170",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5170"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
              },
              {
                "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Node",
              "vendor": "NodeJS",
              "versions": [
                {
                  "lessThan": "4.*",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.*",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.*",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.*",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.*",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "9.*",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "10.*",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.*",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.22.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "13.*",
                  "status": "affected",
                  "version": "13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "14.18.3",
                  "status": "affected",
                  "version": "14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "15.*",
                  "status": "affected",
                  "version": "15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.13.2",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "17.3.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-471",
                  "description": "Modification of Assumed-Immutable Data (MAID) (CWE-471)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-30T22:24:41.602Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
            },
            {
              "url": "https://hackerone.com/reports/1431042"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220325-0007/"
            },
            {
              "name": "DSA-5170",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5170"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
            },
            {
              "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2022-21824",
        "datePublished": "2022-02-24T00:00:00.000Z",
        "dateReserved": "2021-12-10T00:00:00.000Z",
        "dateUpdated": "2025-04-30T22:24:41.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21363 (GCVE-0-2022-21363)

    Vulnerability from cvelistv5 – Published: 2022-01-19 11:25 – Updated: 2024-09-24 20:18
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 8.0.27 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:38:55.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T17:38:01.377149Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T20:18:47.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.27 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-19T11:25:43.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2022-21363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MySQL Connectors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.27 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "6.6",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2022-21363",
        "datePublished": "2022-01-19T11:25:44.000Z",
        "dateReserved": "2021-11-15T00:00:00.000Z",
        "dateUpdated": "2024-09-24T20:18:47.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-2471 (GCVE-0-2021-2471)

    Vulnerability from cvelistv5 – Published: 2021-10-20 10:49 – Updated: 2024-09-25 19:39
    Summary
    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Connectors Affected: 8.0.26 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:45:50.684Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-2471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T19:15:14.455458Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T19:39:53.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Connectors",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.26 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T20:36:38.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2021-2471",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MySQL Connectors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.0.26 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "5.9",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2021-2471",
        "datePublished": "2021-10-20T10:49:38.000Z",
        "dateReserved": "2020-12-09T00:00:00.000Z",
        "dateUpdated": "2024-09-25T19:39:53.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3712 (GCVE-0-2021-3712)

    Vulnerability from cvelistv5 – Published: 2021-08-24 14:50 – Updated: 2026-04-16 14:11
    Title
    Read buffer overruns processing ASN.1 strings
    Summary
    ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Buffer overflow
    • CWE-125 - Out-of-bounds Read
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)
    Affected: Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)
    Siemens BFCClient Affected: 0 , < V2.17 (custom)
    Siemens Industrial Edge - Machine Insight App Affected: 0 , < * (custom)
    Siemens Industrial Edge - PROFINET IO Connector Affected: All versions < V1.1.1
    Siemens RUGGEDCOM RM1224 LTE(4G) EU Affected: All versions < V7.1
    Siemens RUGGEDCOM RM1224 LTE(4G) NAM Affected: All versions < V7.1
    Siemens RUGGEDCOM ROX MX5000 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX MX5000RE Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1400 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1500 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1501 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1510 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1511 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1512 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1524 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX1536 Affected: 0 , < V2.15.0 (custom)
    Siemens RUGGEDCOM ROX RX5000 Affected: 0 , < V2.15.0 (custom)
    Siemens SCALANCE M804PB Affected: All versions < V7.1
    Siemens SCALANCE M812-1 ADSL-Router Affected: All versions < V7.1
    Siemens SCALANCE M816-1 ADSL-Router Affected: All versions < V7.1
    Siemens SCALANCE M826-2 SHDSL-Router Affected: All versions < V7.1
    Siemens SCALANCE M874-2 Affected: All versions < V7.1
    Siemens SCALANCE M874-3 Affected: All versions < V7.1
    Siemens SCALANCE M876-3 Affected: All versions < V7.1
    Siemens SCALANCE M876-3 (ROK) Affected: All versions < V7.1
    Siemens SCALANCE M876-4 (EU) Affected: All versions < V7.1
    Siemens SCALANCE M876-4 (NAM) Affected: All versions < V7.1
    Siemens SCALANCE MUM853-1 (EU) Affected: 0 , < V7.1 (custom)
    Siemens SCALANCE MUM856-1 (EU) Affected: 0 , < V7.1 (custom)
    Siemens SCALANCE MUM856-1 (RoW) Affected: 0 , < V7.1 (custom)
    Siemens SCALANCE S615 LAN-Router Affected: All versions < V7.1
    Siemens SCALANCE SC622-2C Affected: All versions < V2.3
    Siemens SCALANCE SC632-2C Affected: All versions < V2.3
    Siemens SCALANCE SC636-2C Affected: All versions < V2.3
    Siemens SCALANCE SC642-2C Affected: All versions < V2.3
    Siemens SCALANCE SC646-2C Affected: All versions < V2.3
    Siemens SCALANCE W1748-1 M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W1788-1 M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W1788-2 EEC M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W1788-2 M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W1788-2IA M12 Affected: 0 , < V3.0.0 (custom)
    Siemens SCALANCE W721-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W722-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W734-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W734-1 RJ45 (USA) Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W738-1 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W748-1 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W748-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W761-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W774-1 M12 EEC Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W774-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W774-1 RJ45 (USA) Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W778-1 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W778-1 M12 EEC Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W778-1 M12 EEC (USA) Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W786-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W786-2 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W786-2 SFP Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W786-2IA RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-1 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-1 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-2 M12 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-2 M12 EEC Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE W788-2 RJ45 Affected: 0 , < V6.6.0 (custom)
    Siemens SCALANCE WAM766-1 Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WAM766-1 (US) Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WAM766-1 EEC Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WAM766-1 EEC (US) Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WUM766-1 Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE WUM766-1 (USA) Affected: 0 , < V1.2.0 (custom)
    Siemens SCALANCE X200-4P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X201-3P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X201-3P IRT PRO Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X202-2IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X202-2P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X202-2P IRT PRO Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X204-2 Affected: All versions < V5.2.6
    Siemens SCALANCE X204-2FM Affected: All versions < V5.2.6
    Siemens SCALANCE X204-2LD Affected: All versions < V5.2.6
    Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.6
    Siemens SCALANCE X204-2TS Affected: All versions < V5.2.6
    Siemens SCALANCE X204IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X204IRT PRO Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE X206-1 Affected: All versions < V5.2.6
    Siemens SCALANCE X206-1LD Affected: All versions < V5.2.6
    Siemens SCALANCE X208 Affected: All versions < V5.2.6
    Siemens SCALANCE X208PRO Affected: All versions < V5.2.6
    Siemens SCALANCE X212-2 Affected: All versions < V5.2.6
    Siemens SCALANCE X212-2LD Affected: All versions < V5.2.6
    Siemens SCALANCE X216 Affected: All versions < V5.2.6
    Siemens SCALANCE X224 Affected: All versions < V5.2.6
    Siemens SCALANCE X302-7 EEC (230V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (230V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (24V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (2x 230V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (2x 230V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (2x 24V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X302-7 EEC (2x 24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X304-2FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X306-1LD FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (230V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (230V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (24V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (2x 230V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (2x 230V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (2x 24V, coated) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-2 EEC (2x 24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-3 Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X307-3LD Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2 Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2LD Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2LH Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2LH+ Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2M Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2M PoE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X308-2M TS Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X310 Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X310FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X320-1 FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X320-1-2LD FE Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE X408-2 Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XF201-3P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE XF202-2P IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE XF204 Affected: All versions < V5.2.6
    Siemens SCALANCE XF204-2 Affected: All versions < V5.2.6
    Siemens SCALANCE XF204-2BA IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE XF204IRT Affected: 0 , < V5.5.2 (custom)
    Siemens SCALANCE XF206-1 Affected: All versions < V5.2.6
    Siemens SCALANCE XF208 Affected: All versions < V5.2.6
    Siemens SCALANCE XR324-12M (230V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-12M (230V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-12M (24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-12M (24V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-12M TS (24V) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (24V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE (230V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE (230V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE (24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE (24V, ports on rear) Affected: 0 , < V4.1.4 (custom)
    Siemens SCALANCE XR324-4M PoE TS (24V, ports on front) Affected: 0 , < V4.1.4 (custom)
    Siemens SIMATIC CP 1242-7 V2 Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1243-1 Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1243-7 LTE EU Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1243-7 LTE US Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1243-8 IRC Affected: All versions < V3.3.46
    Siemens SIMATIC CP 1542SP-1 Affected: 0 , < V2.2.28 (custom)
    Siemens SIMATIC CP 1543-1 Affected: All versions < V3.0.22
    Siemens SIMATIC CP 1543SP-1 Affected: 0 , < V2.2.28 (custom)
    Siemens SIMATIC CP 1545-1 Affected: All versions < V1.1
    Siemens SIMATIC PCS neo (Administration Console) Affected: 0 , < V3.1.1 (custom)
    Siemens SIMATIC Process Historian OPC UA Server Affected: 0 , < V2020 SP1 (custom)
    Siemens SIMATIC S7-1200 CPU 1211C AC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1211C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1211C DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212C AC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212C DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214C AC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214C DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215C AC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215C DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/Rly Affected: 0 , < V4.5.2 (custom)
    Siemens SIMATIC S7-1200 CPU 1217C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SINEC NMS Affected: 0 , < V1.0 SP3 (custom)
    Siemens SINEMA Remote Connect Server Affected: 0 , < V3.1 (custom)
    Siemens SINEMA Server V14 Affected: 0 , < * (custom)
    Siemens SINUMERIK Operate Affected: All versions < V4.95 SP1
    Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC Affected: 0 , < V2.2.28 (custom)
    Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL Affected: 0 , < V2.2.28 (custom)
    Siemens SIPLUS NET CP 1242-7 V2 Affected: All versions < V3.3.46
    Siemens SIPLUS NET CP 1543-1 Affected: All versions < V3.0.22
    Siemens SIPLUS NET SCALANCE X308-2 Affected: 0 , < V4.1.4 (custom)
    Siemens SIPLUS S7-1200 CP 1243-1 Affected: All versions < V3.3.46
    Siemens SIPLUS S7-1200 CP 1243-1 RAIL Affected: All versions < V3.3.46
    Siemens SIPLUS S7-1200 CPU 1212 AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1212C AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214C AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214C DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215C AC/DC/RLY Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215C DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens SIPLUS S7-1200 CPU 1215FC DC/DC/DC Affected: 0 , < V4.5.2 (custom)
    Siemens TIA Administrator Affected: 0 , < V1.0.7 (custom)
    Date Public
    2021-08-24 00:00
    Credits
    Ingo Schwarze

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:08.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20210824.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
              },
              {
                "name": "DSA-4963",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4963"
              },
              {
                "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
              },
              {
                "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
              },
              {
                "name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2022-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
              },
              {
                "name": "GLSA-202209-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202209-02"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "BFCClient",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "Industrial Edge - Machine Insight App",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "Industrial Edge - PROFINET IO Connector",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V1.1.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RM1224 LTE(4G) EU",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX MX5000RE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1400",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1500",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1501",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1510",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1511",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1512",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1524",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX1536",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM ROX RX5000",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M804PB",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M812-1 ADSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M812-1 ADSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M816-1 ADSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M816-1 ADSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M826-2 SHDSL-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M874-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M874-3",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M876-3",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M876-3 (ROK)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M876-4 (EU)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE M876-4 (NAM)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE MUM853-1 (EU)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V7.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE MUM856-1 (EU)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V7.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE MUM856-1 (RoW)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V7.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE S615 LAN-Router",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V7.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC622-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC632-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC636-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC642-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE SC646-2C",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V2.3"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1788-2 EEC M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W1788-2IA M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W721-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W721-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W721-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W721-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W722-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W734-1 RJ45 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W738-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W738-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W738-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W738-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W748-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W761-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W761-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W761-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W761-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W774-1 RJ45 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12 EEC (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W778-1 M12 EEC (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 SFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 SFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 SFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2 SFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2IA RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2IA RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2IA RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W786-2IA RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-1 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 M12 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE W788-2 RJ45",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V6.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WAM766-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WAM766-1 (US)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WAM766-1 EEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WAM766-1 EEC (US)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WUM766-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE WUM766-1 (USA)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X200-4P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X201-3P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X201-3P IRT PRO",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X202-2IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X202-2P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X202-2P IRT PRO",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2FM",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2LD TS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204-2TS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X204IRT PRO",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X206-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X206-1LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X208",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X208PRO",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X212-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X212-2LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X216",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X224",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (230V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (230V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (24V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (2x 230V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (2x 230V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (2x 24V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X302-7 EEC (2x 24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X304-2FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X306-1LD FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (230V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (230V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (24V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (2x 230V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (2x 230V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (2x 24V, coated)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-2 EEC (2x 24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-3",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-3",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-3LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X307-3LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LD",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LH",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LH",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LH+",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2LH+",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M PoE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M PoE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M TS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X308-2M TS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X310",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X310",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X310FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X310FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X320-1 FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X320-1-2LD FE",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE X408-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF201-3P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF202-2P IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF204",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF204-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF204-2BA IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF204IRT",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V5.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF206-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XF208",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V5.2.6"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (230V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (230V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (230V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (230V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M TS (24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-12M TS (24V)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE (230V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1242-7 V2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1243-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1243-7 LTE EU",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1243-7 LTE US",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1243-8 IRC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1542SP-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.2.28",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1543-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.0.22"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1543SP-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.2.28",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC CP 1545-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V1.1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC PCS neo (Administration Console)",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC Process Historian OPC UA Server",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2020 SP1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1211C AC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1211C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1211C DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212C AC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212C DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1212FC DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214C AC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214C DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1214FC DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215C AC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215C DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1215FC DC/DC/Rly",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1200 CPU 1217C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEC NMS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.0 SP3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEMA Remote Connect Server",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEMA Server V14",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINUMERIK Operate",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c  V4.95 SP1"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.2.28",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V2.2.28",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS NET CP 1242-7 V2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS NET CP 1543-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.0.22"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS NET SCALANCE X308-2",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.1.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CP 1243-1",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CP 1243-1 RAIL",
                "vendor": "Siemens",
                "versions": [
                  {
                    "status": "affected",
                    "version": "All versions \u003c V3.3.46"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212 AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212C AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214 AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1214FC DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215C AC/DC/RLY",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215C DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1200 CPU 1215FC DC/DC/DC",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V4.5.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "TIA Administrator",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V1.0.7",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T08:57:51.339Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-244969.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-389290.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-028723.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3712",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T14:11:09.557845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T14:11:16.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ingo Schwarze"
            }
          ],
          "datePublic": "2021-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. 
This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
                  "value": "Moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:07:21.902Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20210824.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
            },
            {
              "name": "DSA-4963",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4963"
            },
            {
              "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
            },
            {
              "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
            },
            {
              "name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-16"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2022-02"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
            },
            {
              "name": "GLSA-202209-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202209-02"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ],
          "title": "Read buffer overruns processing ASN.1 strings"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2021-3712",
        "datePublished": "2021-08-24T14:50:14.704Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2026-04-16T14:11:16.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-3711 (GCVE-0-2021-3711)

    Vulnerability from cvelistv5 – Published: 2021-08-24 14:50 – Updated: 2024-09-16 18:29
    Title
    SM2 Decryption Buffer Overflow
    Summary
    In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)
    Date Public
    2021-08-24 00:00
    Credits
    John Ouyang

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:08.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20210824.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
              },
              {
                "name": "DSA-4963",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4963"
              },
              {
                "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
              },
              {
                "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2022-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
              },
              {
                "name": "GLSA-202209-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202209-02"
              },
              {
                "name": "GLSA-202210-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "John Ouyang"
            }
          ],
          "datePublic": "2021-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#High",
                  "value": "High"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:07:59.573Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20210824.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
            },
            {
              "name": "DSA-4963",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4963"
            },
            {
              "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
            },
            {
              "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-16"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
            },
            {
              "url": "https://www.tenable.com/security/tns-2022-02"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "name": "GLSA-202209-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202209-02"
            },
            {
              "name": "GLSA-202210-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-02"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ],
          "title": "SM2 Decryption Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2021-3711",
        "datePublished": "2021-08-24T14:50:13.114Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:29:03.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3450 (GCVE-0-2021-3450)

    Vulnerability from cvelistv5 – Published: 2021-03-25 14:25 – Updated: 2024-09-17 03:07
    Title
    CA certificate check bypass with X509_V_FLAG_X509_STRICT
    Summary
    The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
    Severity
    No CVSS data available.
    CWE
    • Invalid Certificate Verification
    References
    URL Tags
    https://www.openssl.org/news/secadv/20210325.txt x_refsource_CONFIRM
    https://git.openssl.org/gitweb/?p=openssl.git%3Ba… x_refsource_CONFIRM
    https://tools.cisco.com/security/center/content/C… vendor-advisory, x_refsource_CISCO
    http://www.openwall.com/lists/oss-security/2021/03/27/1 mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2021/03/27/2 mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2021/03/28/3 mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2021/03/28/4 mailing-list, x_refsource_MLIST
    https://security.gentoo.org/glsa/202103-03 vendor-advisory, x_refsource_GENTOO
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2021-09 x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2021032… x_refsource_CONFIRM
    https://security.FreeBSD.org/advisories/FreeBSD-S… x_refsource_MISC
    https://www.tenable.com/security/tns-2021-05 x_refsource_CONFIRM
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    https://www.tenable.com/security/tns-2021-08 x_refsource_CONFIRM
    https://mta.openssl.org/pipermail/openssl-announc… x_refsource_MISC
    https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
    https://kb.pulsesecure.net/articles/Pulse_Securit… x_refsource_CONFIRM
    https://psirt.global.sonicwall.com/vuln-detail/SN… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)
    Date Public
    2021-03-25 00:00
    Credits
    Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20210325.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
              },
              {
                "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
              },
              {
                "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
              },
              {
                "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
              },
              {
                "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
              },
              {
                "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
              },
              {
                "name": "GLSA-202103-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202103-03"
              },
              {
                "name": "FEDORA-2021-cbf14ab8f9",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-09"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-05"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-08"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai"
            }
          ],
          "datePublic": "2021-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#High",
                  "value": "High"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Invalid Certificate Verification",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-25T16:35:11.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.openssl.org/news/secadv/20210325.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
            },
            {
              "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
            },
            {
              "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
            },
            {
              "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
            },
            {
              "name": "GLSA-202103-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202103-03"
            },
            {
              "name": "FEDORA-2021-cbf14ab8f9",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-09"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-05"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-08"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ],
          "title": "CA certificate check bypass with X509_V_FLAG_X509_STRICT",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "openssl-security@openssl.org",
              "DATE_PUBLIC": "2021-03-25",
              "ID": "CVE-2021-3450",
              "STATE": "PUBLIC",
              "TITLE": "CA certificate check bypass with X509_V_FLAG_X509_STRICT"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OpenSSL",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OpenSSL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)."
                }
              ]
            },
            "impact": [
              {
                "lang": "eng",
                "url": "https://www.openssl.org/policies/secpolicy.html#High",
                "value": "High"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Invalid Certificate Verification"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openssl.org/news/secadv/20210325.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.openssl.org/news/secadv/20210325.txt"
                },
                {
                  "name": "https://www.openssl.org/news/secadv/20210325.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.openssl.org/news/secadv/20210325.txt"
                },
                {
                  "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b",
                  "refsource": "CONFIRM",
                  "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
                },
                {
                  "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
                },
                {
                  "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
                },
                {
                  "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
                },
                {
                  "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
                },
                {
                  "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
                },
                {
                  "name": "GLSA-202103-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202103-03"
                },
                {
                  "name": "FEDORA-2021-cbf14ab8f9",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-09",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-09"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210326-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
                },
                {
                  "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc",
                  "refsource": "MISC",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-05",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-05"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-08",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-08"
                },
                {
                  "name": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html",
                  "refsource": "MISC",
                  "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845",
                  "refsource": "CONFIRM",
                  "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
                },
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2021-3450",
        "datePublished": "2021-03-25T14:25:14.287Z",
        "dateReserved": "2021-03-19T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:07:10.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3449 (GCVE-0-2021-3449)

    Vulnerability from cvelistv5 – Published: 2021-03-25 14:25 – Updated: 2024-09-17 03:43
    Title
    NULL pointer deref in signature_algorithms processing
    Summary
    An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
    Severity
    No CVSS data available.
    CWE
    • NULL pointer dereference
    Assigner
    References
    URL Tags
    https://www.openssl.org/news/secadv/20210325.txt
    https://git.openssl.org/gitweb/?p=openssl.git%3Ba…
    https://tools.cisco.com/security/center/content/C… vendor-advisory
    https://www.debian.org/security/2021/dsa-4875 vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/03/27/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/03/27/2 mailing-list
    http://www.openwall.com/lists/oss-security/2021/03/28/3 mailing-list
    http://www.openwall.com/lists/oss-security/2021/03/28/4 mailing-list
    https://security.gentoo.org/glsa/202103-03 vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://www.oracle.com/security-alerts/cpuApr2021.html
    https://www.tenable.com/security/tns-2021-10
    https://www.tenable.com/security/tns-2021-09
    https://security.netapp.com/advisory/ntap-2021051…
    https://security.netapp.com/advisory/ntap-2021032…
    https://security.FreeBSD.org/advisories/FreeBSD-S…
    https://www.tenable.com/security/tns-2021-06
    https://www.tenable.com/security/tns-2021-05
    https://kc.mcafee.com/corporate/index?page=conten…
    https://www.oracle.com//security-alerts/cpujul2021.html
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://psirt.global.sonicwall.com/vuln-detail/SN…
    https://lists.debian.org/debian-lts-announce/2021… mailing-list
    https://www.oracle.com/security-alerts/cpuoct2021.html
    https://www.oracle.com/security-alerts/cpuapr2022.html
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://www.oracle.com/security-alerts/cpujul2022.html
    https://security.netapp.com/advisory/ntap-2024062…
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)
    Date Public
    2021-03-25 00:00
    Credits
    Peter Kästle (Nokia) and Samuel Sapalski (Nokia)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20210325.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
              },
              {
                "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
              },
              {
                "name": "DSA-4875",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4875"
              },
              {
                "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
              },
              {
                "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
              },
              {
                "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
              },
              {
                "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
              },
              {
                "name": "GLSA-202103-03",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202103-03"
              },
              {
                "name": "FEDORA-2021-cbf14ab8f9",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-06"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-05"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
              },
              {
                "name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Peter K\u00e4stle (Nokia) and Samuel Sapalski (Nokia)"
            }
          ],
          "datePublic": "2021-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#High",
                  "value": "High"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NULL pointer dereference",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:05:57.096Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20210325.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
            },
            {
              "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
            },
            {
              "name": "DSA-4875",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4875"
            },
            {
              "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
            },
            {
              "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
            },
            {
              "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
            },
            {
              "name": "GLSA-202103-03",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202103-03"
            },
            {
              "name": "FEDORA-2021-cbf14ab8f9",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-09"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
            },
            {
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-06"
            },
            {
              "url": "https://www.tenable.com/security/tns-2021-05"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
            },
            {
              "name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ],
          "title": "NULL pointer deref in signature_algorithms processing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2021-3449",
        "datePublished": "2021-03-25T14:25:13.659Z",
        "dateReserved": "2021-03-17T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:55.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1967 (GCVE-0-2020-1967)

    Vulnerability from cvelistv5 – Published: 2020-04-21 13:45 – Updated: 2024-09-17 03:13
    Title
    Segmentation fault in SSL_check_chain
    Summary
    Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
    Severity
    No CVSS data available.
    CWE
    • NULL pointer dereference
    Assigner
    References
    URL Tags
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory, x_refsource_FREEBSD
    https://www.debian.org/security/2020/dsa-4661 vendor-advisory, x_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2020/04/22/2 mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r9a41e304992… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r66ea9c436da… mailing-list, x_refsource_MLIST
    https://lists.apache.org/thread.html/r94d6ac3f010… mailing-list, x_refsource_MLIST
    https://security.gentoo.org/glsa/202004-10 vendor-advisory, x_refsource_GENTOO
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    http://seclists.org/fulldisclosure/2020/May/5 mailing-list, x_refsource_FULLDISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-03 x_refsource_CONFIRM
    https://www.openssl.org/news/secadv/20200421.txt x_refsource_CONFIRM
    https://git.openssl.org/gitweb/?p=openssl.git%3Ba… x_refsource_CONFIRM
    https://kb.pulsesecure.net/articles/Pulse_Securit… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2020042… x_refsource_CONFIRM
    https://www.synology.com/security/advisory/Synolo… x_refsource_CONFIRM
    https://github.com/irsl/CVE-2020-1967 x_refsource_MISC
    http://packetstormsecurity.com/files/157527/OpenS… x_refsource_MISC
    https://www.synology.com/security/advisory/Synolo… x_refsource_CONFIRM
    https://www.tenable.com/security/tns-2020-04 x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2020071… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-11 x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2021-10 x_refsource_CONFIRM
    https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)
    Date Public
    2020-04-21 00:00
    Credits
    Bernd Edlinger

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FreeBSD-SA-20:11",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
              },
              {
                "name": "DSA-4661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4661"
              },
              {
                "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
              },
              {
                "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
              },
              {
                "name": "GLSA-202004-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202004-10"
              },
              {
                "name": "FEDORA-2020-fcc91a28e8",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
              },
              {
                "name": "FEDORA-2020-da2d1ef2d7",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
              },
              {
                "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/May/5"
              },
              {
                "name": "FEDORA-2020-d7b29838f6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
              },
              {
                "name": "openSUSE-SU-2020:0933",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2020:0945",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-03"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20200421.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/irsl/CVE-2020-1967"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-04"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-11"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bernd Edlinger"
            }
          ],
          "datePublic": "2020-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#High",
                  "value": "High"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NULL pointer dereference",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:39:19.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "name": "FreeBSD-SA-20:11",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
            },
            {
              "name": "DSA-4661",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4661"
            },
            {
              "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
            },
            {
              "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "GLSA-202004-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202004-10"
            },
            {
              "name": "FEDORA-2020-fcc91a28e8",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
            },
            {
              "name": "FEDORA-2020-da2d1ef2d7",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
            },
            {
              "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/May/5"
            },
            {
              "name": "FEDORA-2020-d7b29838f6",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
            },
            {
              "name": "openSUSE-SU-2020:0933",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2020:0945",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2020-03"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.openssl.org/news/secadv/20200421.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/irsl/CVE-2020-1967"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2020-04"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "title": "Segmentation fault in SSL_check_chain",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "openssl-security@openssl.org",
              "DATE_PUBLIC": "2020-04-21",
              "ID": "CVE-2020-1967",
              "STATE": "PUBLIC",
              "TITLE": "Segmentation fault in SSL_check_chain"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OpenSSL",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OpenSSL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Bernd Edlinger"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."
                }
              ]
            },
            "impact": [
              {
                "lang": "eng",
                "url": "https://www.openssl.org/policies/secpolicy.html#High",
                "value": "High"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NULL pointer dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FreeBSD-SA-20:11",
                  "refsource": "FREEBSD",
                  "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc"
                },
                {
                  "name": "DSA-4661",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4661"
                },
                {
                  "name": "[oss-security] 20200422 [CVE-2020-1967] OpenSSL 1.1.1d+ Segmentation fault in SSL_check_chain",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/04/22/2"
                },
                {
                  "name": "[tomcat-dev] 20200422 Time for Tomcat Native 1.2.24?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E"
                },
                {
                  "name": "[tomcat-dev] 20200422 Re: Time for Tomcat Native 1.2.24?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E"
                },
                {
                  "name": "[tomcat-dev] 20200423 Re: Time for Tomcat Native 1.2.24?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E"
                },
                {
                  "name": "GLSA-202004-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202004-10"
                },
                {
                  "name": "FEDORA-2020-fcc91a28e8",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/"
                },
                {
                  "name": "FEDORA-2020-da2d1ef2d7",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/"
                },
                {
                  "name": "20200501 CVE-2020-1967: proving sigalg != NULL",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/May/5"
                },
                {
                  "name": "FEDORA-2020-d7b29838f6",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/"
                },
                {
                  "name": "openSUSE-SU-2020:0933",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html"
                },
                {
                  "name": "openSUSE-SU-2020:0945",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2020-03",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2020-03"
                },
                {
                  "name": "https://www.openssl.org/news/secadv/20200421.txt",
                  "refsource": "CONFIRM",
                  "url": "https://www.openssl.org/news/secadv/20200421.txt"
                },
                {
                  "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1",
                  "refsource": "CONFIRM",
                  "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1"
                },
                {
                  "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440",
                  "refsource": "CONFIRM",
                  "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200424-0003/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200424-0003/"
                },
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL"
                },
                {
                  "name": "https://github.com/irsl/CVE-2020-1967",
                  "refsource": "MISC",
                  "url": "https://github.com/irsl/CVE-2020-1967"
                },
                {
                  "name": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html"
                },
                {
                  "name": "https://www.synology.com/security/advisory/Synology_SA_20_05",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/security/advisory/Synology_SA_20_05"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2020-04",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2020-04"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200717-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200717-0004/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2020-11",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2020-11"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-10"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2020-1967",
        "datePublished": "2020-04-21T13:45:15.136Z",
        "dateReserved": "2019-12-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:46.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }